January 15, 2026 // Vulnerability | #Reprompt Attack #Microsoft Copilot #Prompt Injection

Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot - The Hacker News

Researchers unveiled a "Reprompt" attack method enabling single-click data exfiltration from Microsoft Copilot by exploiting the "q" URL parameter for indirect prompt injection. This attack bypasses enterprise security controls and guardrails, facilitating continuous, hidden data exfiltration via attacker-controlled servers without further user interaction.

Source: Original Report ↗
← Back to Feed