Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
HackTheBox 320x100 1
TM RedHotCyber 970x120 042543
Microsoft Copilot Vulnerability Exposes User Data to Hackers

Microsoft Copilot Vulnerability Exposes User Data to Hackers

15 January 2026 07:45

A recently fixed vulnerability allowed attackers to exploit Microsoft Copilot Personal with a single click to steal sensitive user data. Using a phishing link, attackers were able to take control of sessions without requiring further intervention, exploiting a flaw that has since been patched.

Attackers launch Reprompt by sending a phishing email with a legitimate Copilot URL containing a malicious “q” parameter, which automatically executes a prompt when the page loads.

The discovery was made by Varonis, who detailed three key techniques that allow data theft by bypassing Copilot’s security measures designed to block URL retrievals and leaks.

Parameter-to-Prompt (P2P) injection takes advantage of the victim’s authenticated session, which persists even after the tab is closed, to extract sensitive information such as usernames, locations, file access history, and vacation plans.

Attack flow (Source Varonis)

These techniques make data exfiltration undetectable, as the prompts appear harmless while the information is gradually leaked to the attackers’ servers.

Reprompt targets Copilot Personal, a consumer-facing tool built into Windows and Edge that allows access to Microsoft prompts, logs, and information such as recent documents and location.

Varonis responsibly reported the issue to Microsoft on August 31, 2025 , with a fix distributed via Patch Tuesday on January 13, 2026. Users are advised to immediately apply the latest Windows updates to block residual issues.

Compared to previous vulnerabilities, such as EchoLeak (CVE-2025-32711), Reprompt stood out by requiring no documentation or plugins, highlighting the dangers of URL parameters in AI platforms.

Example of a prompt (Source Varonis)

It’s critical that organizations consider AI URL inputs potentially dangerous and implement robust security measures for all combined prompts. For Copilot Personal users, careful evaluation of predefined prompts, along with avoiding dubious links and monitoring for irregularities, such as unsolicited data requests, is essential.

Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.

Cropped RHC 3d Transp2 1766828557 300x300
The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.