A high‑impact information‑disclosure flaw in Microsoft’s Copilot family of assistants — widely discussed under the researcher name “Reprompt” and tracked by some vendors as CVE‑2026‑24307 — exposed a design weak‑spot in how Copilot handled prompt content embedded in links, enabling a...
A critical weakness in Microsoft Copilot Personal allowed attackers to turn a single, legitimate click into a stealthy exfiltration channel that could siphon profile attributes, file summaries and conversational memory — a chained prompt‑injection attack Varonis Threat Labs labeled “Reprompt”...
The security conversation around generative AI and agentic tooling hardened this week in a way that should make every Windows administrator, CISO, and IT procurement lead pay attention: concentrated exposure from a handful of consumer AI apps, emergent server‑side exfiltration mechanics...
For months, millions treated Microsoft Copilot as a helpful companion inside Windows and Edge — until security researchers demonstrated that a deceptively small UX convenience could be turned into a one‑click data‑exfiltration pipeline called “Reprompt.”
Background / overview
Varonis Threat Labs...
A deceptively small UX convenience — letting Copilot accept a prefilled prompt from a URL — was chained into a practical, one‑click data‑exfiltration technique that security researchers named Reprompt, and the discovery forced a rapid hardening of Microsoft’s consumer Copilot surface during...
A deceptively small UX convenience — allowing Microsoft Copilot to accept a prefilled prompt from a URL — was chained into a practical, one‑click data‑exfiltration technique that security researchers named “Reprompt,” and the discovery has exposed how quickly assistant conveniences can become...
A deceptively small UX convenience—allowing Microsoft Copilot to accept a prefilled prompt from a URL—was chained into a practical, one‑click data‑exfiltration technique that targeted Copilot Personal and, until Microsoft pushed mitigations in mid‑January 2026, could quietly siphon profile...
Varonis Threat Labs’ proof‑of‑concept shows that a deceptively small convenience — allowing Microsoft Copilot to accept a prefilled prompt from a URL — could be chained into a practical, one‑click data‑exfiltration technique that targeted Copilot Personal and could, under lab conditions, siphon...
A deceptively small design choice — allowing Copilot to accept a prefilled prompt from a URL — has been chained into a practical, one‑click data‑exfiltration technique that bypassed Copilot Personal safeguards and let an attacker quietly siphon profile data, file summaries and conversational...
A new, deceptively simple attack named “Reprompt” has exposed a critical weakness in Microsoft Copilot Personal: with a single click on a legitimate Copilot deep link an attacker could, under the right conditions, mount a multistage, stealthy data‑exfiltration chain that pulls names, locations...
Microsoft's Copilot ecosystem landed in the headlines this week for two very different reasons: a high‑profile, single‑click data‑exfiltration proof‑of‑concept dubbed Reprompt that security researchers say Microsoft has patched, and the wider rollout of developer tooling with the Copilot Studio...
Microsoft Copilot users face a new prompt-injection vector that researchers say can be triggered with a single click — a technique reported as “Reprompt” that abuses URL parameters to feed malicious prompts into Copilot, bypass built‑in safeguards, and siphon sensitive content from user sessions...
A row of deceptively benign Chrome extensions—installed by hundreds of thousands of users—were audited and exposed this week as active surveillance tools that collect and exfiltrate entire conversations with AI assistants (notably ChatGPT and DeepSeek) along with full browsing context to...
A chain of recent disclosures shows that seemingly helpful browser extensions — including a long‑running Chrome add‑on and several “privacy” VPN tools with millions of installs — quietly gained the ability to intercept, record and transmit users’ AI-chat conversations and web traffic, turning...
Security researchers have exposed a family of seemingly benign Chrome and Edge extensions that quietly intercepted entire conversations with major AI chat services and forwarded those chats to remote analytics servers—an exposure that affects millions of users and raises urgent questions about...
Security researchers disclosed that a widely used Chrome extension, Urban VPN Proxy, quietly began harvesting full conversations with major AI chat services after a July 2025 update, capturing every prompt and response and shipping that data to analytics backends owned or affiliated with the...
Security researchers have uncovered a startling privacy breach in plain sight: several widely used Google Chrome and Microsoft Edge extensions — marketed as privacy and security tools — were quietly intercepting users’ conversations with AI assistants and sending those chats to third parties for...
A family of popular browser extensions marketed as free VPNs and privacy tools secretly intercepted entire conversations with ChatGPT, Google Gemini, Anthropic Claude and several other AI chat services, then forwarded those chats to analytics servers and — according to researchers — to a...
Guy Zetland and Keren Katz report that a Tenable AI Research proof‑of‑concept has turned Microsoft Copilot Studio’s promising no‑code agent model into a glaring attack surface: simple prompt injections can coax agents into leaking sensitive records — including credit card data — and even change...
A sprawling, seven‑year campaign that quietly converted trusted Chrome and Edge extensions into full‑blown spyware has been revealed — and the fallout touches millions of users who never suspected their productivity or wallpaper add‑ons were silently watching them.
Background / Overview
Security...