Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in Capsule Security's testing, data exfiltrated anyway. Here's what security ...
Forbes

New Warning — Microsoft Copilot AI Can Access Restricted Passwords

Hackers have used Copilot AI to extract passwords from Microsoft SharePoint. As the name implies, Pen Test Partners is a company that specializes in security consulting, specifically penetration ...