Cybersecurity

Security firm Varonis has disclosed a technique dubbed 'Reprompt' that showed how a single click on a specially crafted Microsoft Copilot link could let attackers hijack a user’s active Copilot session and quietly exfiltrate data tied to their Microsoft account. The attack, now patched in Microsoft’s January 2026 Patch Tuesday release, hid instructions in Copilot’s URL parameters, used a 'try twice' prompt to bypass some of Copilot’s safety checks on the second attempt, and then pulled additional commands from a remote server so Copilot could keep sending out data in the background even after the visible tab was closed. Because Copilot is wired into a user’s Microsoft identity and can see past conversations and some account‑linked information, abuse of that session could have exposed sensitive content without any pop‑ups or obvious on‑screen red flags. Varonis reported the vulnerability privately to Microsoft, which fixed it, and there is no evidence it was exploited in the wild before the patch, but the case underscores how AI assistants’ access and autonomy can turn them into high‑value targets when their guardrails fail. For U.S. users, the finding reinforces long‑standing advice to treat AI‑assistant links like any other potentially malicious URL and to keep systems fully patched, especially in corporate and government Microsoft 365 environments.

Security researchers have uncovered a new malware campaign, dubbed Boto Cor‑de‑Rosa, that hijacks WhatsApp Web sessions on Windows PCs to auto‑distribute the Astaroth banking trojan through victims’ chat contacts. The attack begins when a user opens a seemingly routine ZIP file sent over WhatsApp that actually contains an obfuscated Visual Basic script, which then pulls additional components, including the Astaroth payload and a Python module that programmatically controls WhatsApp Web in the browser. Once installed, the malware quietly sends the same malicious ZIP to every contact with a friendly‑sounding text like, “Here is the requested file. If you have any questions, I’m available!”, making it far more likely recipients will open it because it appears to come from someone they know. Researchers at Acronis say the propagation tool tracks delivery metrics every 50 messages so attackers can tune the campaign, while the trojan itself hides in a directory mimicking a Microsoft Edge cache and is designed to steal credentials and potentially access financial accounts. For U.S. users, the story underscores that even trusted, end‑to‑end encrypted apps can become delivery vehicles when their web clients are compromised, and that routine‑looking ZIPs from real contacts are now a serious infection vector.