SearchLeak vulnerability in Microsoft 365 Copilot enables one-click data theft
Researchers discovered a critical vulnerability chain in Microsoft 365 Copilot Enterprise that could allow attackers to extract sensitive information from victims’ mailboxes, OneDrive, and SharePoint accounts via malicious URLs. The attack requires minimal user interaction and poses a significant risk to organizations relying on these integrated Microsoft services.
Why it matters in Western Canada: Many Western Canadian post-secondary institutions, government agencies, healthcare systems, and financial organizations use Microsoft 365 and Copilot Enterprise for collaboration and data management. This vulnerability could expose confidential student records, patient information, or financial data if exploited.
Summary generated from the original advisory. Read the full source: bleepingcomputer
- Source: https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/
- CVEs: None listed
- Tags: microsoft-365, copilot, data-theft, searchleak, sharepoint
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)