A single click on a manipulated Microsoft link was sufficient to exfiltrate sensitive data such as one-time passwords and corporate files through parameter-to-prompt injection.
Three chained bugs in Microsoft 365 Copilot allowed attackers to exfiltrate corporate data via a legitimate microsoft.com link, as traditional anti-phishing filters did not block legitimate sources.