// Alert

Microsoft 365 threat report

Microsoft patched CVE-2026-42824 (SearchLeak), a critical vulnerability in Microsoft 365 Copilot Enterprise that allowed attackers to craft a malicious link to steal emails, documents, and meeting details from victims with a single click. The attack chained three separate bugs to exfiltrate data without user awareness. Microsoft applied the fix automatically at the beginning of June 2026.

// Get alerts for Microsoft 365