WIRE

Jack Smith to Testify Before Congress on Trump Investigations Exclusive | The U.S. Is Actively Seeking Regime Change in Cuba by the End of the Year - WSJ Zelensky to meet Trump in Davos as U.S. envoys head to Moscow NATO’s Mark Rutte emerges as Trump whisperer-in-chief after dramatic about-face at Davos Three Dead After Shooting in Rural Australian Town Deportations up, job growth down: Trump’s second term so far – in charts Severe Winter Storm Watch in the Piedmont Triad this weekend: Here’s what we know China Wins as Trump Cedes Leadership of the Global Economy Snowstorm set to hit the Philadelphia region this weekend | Live Updates Austin Thompson Pleads Guilty in North Carolina Shooting That Left 5 Dead Carney’s global test For Europe’s far right, Trump has become a liability Jack Smith to Testify Before Congress on Trump Investigations Exclusive | The U.S. Is Actively Seeking Regime Change in Cuba by the End of the Year - WSJ Zelensky to meet Trump in Davos as U.S. envoys head to Moscow NATO’s Mark Rutte emerges as Trump whisperer-in-chief after dramatic about-face at Davos Three Dead After Shooting in Rural Australian Town Deportations up, job growth down: Trump’s second term so far – in charts Severe Winter Storm Watch in the Piedmont Triad this weekend: Here’s what we know China Wins as Trump Cedes Leadership of the Global Economy Snowstorm set to hit the Philadelphia region this weekend | Live Updates Austin Thompson Pleads Guilty in North Carolina Shooting That Left 5 Dead Carney’s global test For Europe’s far right, Trump has become a liability

Cyber & Technology

A single click mounted a covert, multistage attack against Copilot

January 22, 2026 at 03:16Z

BIAS: Lean Left
RELIABILITY: High

Ars Technica Security
22:03Z

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a legitimate URL. The hackers in this case were white-hat researchers from security firm Varonis . The net effect of their multistage attack was that they exfiltrated data, including the target’s name, location, and details of specific events from the user’s Copilot chat history.

The attack continued to run even when the user closed the Copilot chat, with no further interaction needed once the user clicked the link, a legitimate Copilot one, in the email. The attack and resulting data theft bypassed enterprise endpoint security controls and detection by endpoint protection apps. It just works “Once we deliver this link with this malicious prompt

Source Assessment

Political Bias

Lean Left

Reliability

High

Continue reading at the original source

Read Full Article at Ars Technica Security →