VentureBeat

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...
CSOonline

Copilot and Agentforce fall to form-based prompt injection tricks

Prompt injection flaws in Microsoft Copilot Studio and Salesforce Agentforce let attackers weaponize form inputs to override agents' behavior and exfiltrate sensitive customer and business data.
Hosted on MSN

10 Copilot prompts that instantly organize your work life

Copilot is quickly becoming the quiet organizer behind many people’s workdays, turning scattered files, emails, and chats into something manageable. By pairing strong prompts with Microsoft 365, I can ...