Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
WinBuzzer

Microsoft April 2026 Patch Tuesday Fixes 167 Flaws, 2 Zero-Days

Microsoft has fixed 167 vulnerabilities in its April 2026 Patch Tuesday update, including an actively exploited SharePoint ...