Microsoft disclosed and fully mitigated three critical information disclosure vulnerabilities in Microsoft 365 Copilot and Copilot Chat in Microsoft Edge, all classified with high confidentiality risks and affecting enterprise data access. These cloud-side flaws, discovered by Microsoft and an independent researcher, required no action from users or administrators as fixes were applied server-side, but organizations are advised to enforce least-privilege access to limit potential exposure of sensitive corporate information.
https://cybersecuritynews.com/microsoft-365-copilot-vulnerabilities-data/

