Hackers turn Microsoft 365 Copilot into a one-click data theft tool

Varonis found a way to chain three bugs into one exploit that can lead to data exfiltration.
Tech Times

Cisco Unified CM SSRF Flaw CVE-2026-20230: Public Exploit Code Opens Path to Root

Cisco Unified Communications Manager vulnerability CVE-2026-20230 allows unauthenticated attackers to gain root access via SSRF and arbitrary file writes. Working proof-of-concept exploit code is ...
The Next Web

A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.
SecurityWeek

Cisco Warns of Available PoC for Critical Unified CM Vulnerability

Cisco warns of public PoC targeting CVE-2026-20230, a high-severity SSRF vulnerability in Unified CM and Unified CM SME.
Computing

SearchLeak attack turns Copilot Enterprise into an insider threat

Researchers at security firm Varonis have demonstrated a proof-of-concept attack on Microsoft 365 that uses Copilot Enterprise Search as an unwitting insider to potentially steal ...