Reprompt flaw lets attackers hijack Copilot sessions via malicious prompts

TL;DR Summary
Researchers disclosed 'Reprompt', a flaw that injects commands through Copilot's URL q parameter to hijack an authenticated session and exfiltrate data, using P2P injection, double-request, and chain-request techniques. Microsoft patched the vulnerability on January 2026 Patch Tuesday. The flaw mainly affected Copilot Personal rather than Microsoft 365 Copilot, and users should apply the latest Windows updates.
- Reprompt attack hijacked Microsoft Copilot sessions for data theft BleepingComputer
- Microsoft Copilot Reprompt exploit allowed attackers to steal your AI data Windows Central
- Your Copilot data can be hijacked with a single click - here's how ZDNET
- New One-Click Microsoft Copilot Vulnerability Grants Attackers Undetected Access to Sensitive Data Cyber Security News
Read the original article on BleepingComputer.