A critical vulnerability in Microsoft 365 Copilot allows attackers to compromise systems through a simple link click, without employing classical phishing or password theft techniques.
Attackers remained hidden in research networks for over a year and diverted research and defense emails through rules configured in Google Workspace instead of using classic exfiltration channels.
A majority of CISOs report pressure from management to delay or withhold negative security disclosures, despite regulatory requirements and best practices demanding prompt transparency.
Germany’s NIS2 law becomes mandatory in December and obligates approximately 29,500 companies to implement standardized information security management, risk governance, and incident reporting.
Three chained bugs in Microsoft 365 Copilot allowed attackers to exfiltrate corporate data via a legitimate microsoft.com link, because traditional anti-phishing filters did not block legitimate sources.