|
|
|
|
|
|
by fc417fc802
367 days ago
|
|
|
No. From the linked page: > The chains allow attackers to automatically exfiltrate sensitive and proprietary information from M365 Copilot context, without the user's awareness, or relying on any specific victim behavior. Zero-click is achieved by crafting an embedded image link. The browser automatically retrieves the link for you. Normally a well crafted CSP would prevent exactly that but they (mis)used a teams endpoint to bypass it. |
|
|