Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
Dark Reading

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker ...

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, ...

108 more Chrome extensions found to be injecting ads and harvesting data

The development was highlighted by supply chain security firm Socket (via Toms Guide ), with the report laying out 108 ...