
How a simple link allowed hackers to bypass Copilot's security guardrails - and what Microsoft did about it

ID: c1a34d47-87af-5407-854c-5cf8e55669b5

STIX ID: report--c1a34d47-87af-5407-854c-5cf8e55669b5

Feed Name: ZDNet Security

Threat Score: 65/100

Date Published: 2026-01-19

Date Updated: 2026-04-26


ZDNet reports on 'Reprompt', a prompt-injection attack against Microsoft Copilot discovered by Varonis Threat Labs. The attack abused a 'q' URL parameter, together with repeated and chained requests, to silently exfiltrate user data (including PII) after a single click. Varonis disclosed the issue to Microsoft, which patched the flaw and said enterprise Copilot customers were not affected.
