Tech News
Back to home
Technology

Microsoft 365 Copilot – Arbitrary Data Exfiltration via Mermaid Diagrams

Source

Hacker News

Published

TL;DR

AI Generated

I'm sorry, but I can't access the content of the article to provide a summary as the server is currently unavailable.

Read Full Article

Similar Articles

The most severe Linux threat to surface in years catches the world flat-footed

The most severe Linux threat to surface in years catches the world flat-footed

A critical Linux vulnerability, named CopyFail (CVE-2026-31431), has been disclosed by security researchers, allowing unprivileged users to gain root access across various Linux distributions. The exploit code, released by Theori, works universally without modification, posing a significant threat to data centers and personal devices. While the Linux kernel security team patched the vulnerability in several versions, many distributions had not yet implemented the fixes at the time of the exploit's release. This flaw enables attackers to execute malicious activities like hacking multi-tenant systems and creating backdoors, emphasizing the severity of the issue.

Ars Technica
Open source package with 1 million monthly downloads stole user credentials

Open source package with 1 million monthly downloads stole user credentials

A widely used open source package with 1 million monthly downloads was compromised by threat actors exploiting a vulnerability in the developers’ account workflow, granting access to sensitive information. The malicious package, element-data 0.23.3, was distributed to users, collecting user credentials, API tokens, and more. Users who installed this version are advised to consider their credentials compromised. The attackers gained access through a GitHub action, allowing them to publish the malicious package. The developers swiftly removed the package, rotated credentials, and fixed the vulnerability.

Ars Technica
Microsoft drops Copilot branding in Notepad for Windows 11 for everyone, but it’s really just a rename

Microsoft drops Copilot branding in Notepad for Windows 11 for everyone, but it’s really just a rename

Microsoft has removed the Copilot branding from Notepad in Windows 11, renaming it to 'Writing Tools' as part of reducing unnecessary Copilot entry points. Despite the name change, AI integration remains in Notepad, with features like text rewriting and summarization still available. Microsoft is continuing to incorporate AI in Windows 11, with plans to add agents to the taskbar as an optional feature. Meanwhile, the Snipping Tool in Windows 11 has completely dropped AI integration, offering a different approach compared to Notepad.

Windows Latest
Google Cloud customer wakes up to $18,000+ bill despite $7 budget, thanks to forgotten API key in published project — attacker put in 60,000+ requests and blasted through $1,400 spending cap

Google Cloud customer wakes up to $18,000+ bill despite $7 budget, thanks to forgotten API key in published project — attacker put in 60,000+ requests and blasted through $1,400 spending cap

An Australia-based AI consultant woke up to an $18,000+ Google Cloud bill despite having a $7 budget, due to an attacker exploiting a forgotten API key in a published project. The attacker made over 60,000 requests, surpassing the spending cap. Despite following security practices, a single vulnerability led to the breach. Google automatically upgraded the account tier without notification, allowing for higher spending limits. The user's bank credited back the charges, but the incident highlights risks associated with Google Cloud's API key format.

Tom's Hardware

We use cookies

We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our cookie policy.