654 matches found
New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams
Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments...
EUVD-2026-34334
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-45497
CVE-2026-45497 affects Microsoft Copilot (M365 Copilot). According to the description, it involves improper neutralization of special elements in a command (command injection) that could allow an authorized attacker to execute code over a network. The connected documents do not provide concrete t...
CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability
...
CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability
...
CVE-2026-42824
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability
...
CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability
...
Microsoft M365 Copilot Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse t...
Email item data export from EWS failed
Challenge Exchange Online backup jobs in Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365 may fail to process mailboxes, returning one of the following errors: Processing mailbox failed with error: Email item data export from EWS failed item IDs: .... The operation has timed...
Kali365 phishing kit bypasses MFA and steals Microsoft logins
When the Federal Bureau of Investigation FBI publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to. The agency is now warning about “Kali365,” a phishing‑as‑a‑service PhaaS platform that helps even low‑skilled attackers hijack Microsoft 365...
CVE-2026-42827
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-42827
CVE-2026-42827 concerns a command injection vulnerability in Microsoft 365 Copilot. The Red Hat, NVD, MSRC, and other feeds describe improper neutralization of special elements used in a command, enabling an attacker to disclose information over a network. Affected product is Microsoft 365 Copilo...
EUVD-2026-31513
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-42827 M365 Copilot Information Disclosure Vulnerability
...
CVE-2026-42827 M365 Copilot Information Disclosure Vulnerability
...
FBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Account
FBI warns of Kali365, a PaaS scam kit that lets cybercriminals bypass MFA and hijack Microsoft 365 accounts without passwords...
PT-2026-42848
Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to disclose information over a network. Recommendations At the...
Microsoft 365 Copilot 命令注入漏洞
Microsoft 365 Copilot is a generative AI collaboration assistant integrated into the Microsoft Office suite. Microsoft 365 Copilot has a command injection vulnerability, which stems from improper of special elements during command injections. This vulnerability could allow unauthorized attackers ...