Is the exploitation further expecting that the evil link will pe presented as a part of chat response and then clicked to exfiltrate the data in the path or querystring?
> The chains allow attackers to automatically exfiltrate sensitive and proprietary information from M365 Copilot context, without the user's awareness, or relying on any specific victim behavior.
Zero-click is achieved by crafting an embedded image link. The browser automatically retrieves the link for you. Normally a well crafted CSP would prevent exactly that but they (mis)used a teams endpoint to bypass it.
fc417fc802|8 months ago
> The chains allow attackers to automatically exfiltrate sensitive and proprietary information from M365 Copilot context, without the user's awareness, or relying on any specific victim behavior.
Zero-click is achieved by crafting an embedded image link. The browser automatically retrieves the link for you. Normally a well crafted CSP would prevent exactly that but they (mis)used a teams endpoint to bypass it.