Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

A Single Click Mounted a Covert, Multistage Attack Against Copilot

Varonis revealed that Reprompt exploits authenticated Copilot Personal sessions to stealthily exfiltrate data via chained requests, with Microsoft patching the vulnerability in January 2026.

Summary by Ars Technica
Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a legitimate URL. The hackers in this case were white-hat researchers from security firm Varonis. The net effect of their multistage attack was that they exfiltrated data, including the target’s name, location, and details of specific events from the user’s Copilot chat history. The attack continued t…

9 Articles

Tom's GuideTom's Guide
Center

This Microsoft Copilot vulnerability only requires a single click, and your personal data could be stolen

The Reprompt attack uses Copilot to steal victims personal information.

Read Full Article
Tech RadarTech Radar
Center

Microsoft Copilot AI attack took just a single click to compromise users - here's what we know

Varonis uncovers a new way to carry out prompt injection attacks, forcing Microsoft into a quick fix.

·United Kingdom
Read Full Article
ZDNetZDNet
Center

Reprompt Attacks Exploit Copilot to Steal User Data

Researchers have uncovered a new attack method that can be performed with one click and bypasses Microsoft Copilot security controls, allowing for the unauthorized capture of user data.

·United States
Read Full Article
Ars TechnicaArs Technica
Center

A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a legitimate URL. The hackers in this case were white-hat researchers from security firm Varonis. The net effect of their multistage attack was that they exfiltrated data, including the target’s name, location, and details of specific events from the user’s Copilot chat history. The attack continued t…

·United States
Read Full Article
BleepingComputerBleepingComputer
Center

Reprompt attack let hackers hijack Microsoft Copilot sessions

Researchers identified an attack method dubbed

Read Full Article
01net01net

Windows Threat: a Vulnerability in Microsoft Copilot Allows the Theft of All Your Data.

A new threat is emerging for Windows. Researchers at Varonis have discovered a new security vulnerability in Microsoft Copilot. It allows attackers to siphon your data without your knowledge…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Wednesday, January 14, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Theft icon

Theft

Windows icon

Windows

Artificial Intelligence icon

Artificial Intelligence

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal