Microsoft patches critical M365 Copilot vulnerability allowing 2FA code theft via email content injection

According to Ars Technica, Microsoft has patched a maximum-severity vulnerability in M365 Copilot that allowed attackers to extract two-factor authentication codes and other sensitive data from emails. The researchers exploited the gap between a user's instructions and data embedded in third-party content: by using HTML markup in email content, they bypassed Copilot's guardrails against data exfiltration. The finding points to a systemic weakness among LLM providers, which still cannot reliably distinguish malicious instructions embedded in content from legitimate user requests.

Topics

AI security
Microsoft
Microsoft 365 Copilot

This intelligence is sourced automatically from public sources across the web and synthesised by the Prefactor AI pipeline. Stories are reviewed before publication.