Council of Europe Hacked 🇪🇺 & Microsoft Copilot Used to Steal Your Data 💻
Two major security stories broke today that every business and individual should know about — one exposing a massive breach at one of Europe's most trusted institutions, and another revealing how a widely used AI tool was quietly weaponized against its own users.
ShinyHunters Breach the Council of Europe — 429,000 Files Stolen
The infamous ShinyHunters ransomware gang is claiming credit for hacking the Council of Europe — the continent's foremost human rights body, with 46 member states. According to the group, they've made off with over 429,000 files containing some of the most sensitive data imaginable: payroll records, bank account information, medical records, tax and social security details, employee CVs, and performance evaluations.
If confirmed, this is a serious breach of a highly trusted institution — the kind of organization people expect to handle sensitive data with the utmost care. Employees and anyone who has interacted with the Council could be at risk of identity theft, phishing attacks, and financial fraud. It's also a stark reminder that even the most prominent, well-resourced organizations are targets.
Microsoft 365 Copilot Was Turned Into a One-Click Data Theft Tool
Security researchers at Varonis discovered a critical vulnerability — now tracked as CVE-2026-42824 — that let attackers steal your emails, calendar, SharePoint files, and OneDrive documents with a single malicious link. The attack, dubbed "SearchLeak," worked by tricking Microsoft 365 Copilot's AI search into treating a URL parameter as an instruction, then secretly funneling the results out to an attacker-controlled server before the system's own defenses could catch it.
The good news: Microsoft has already patched this, and no action is required from users. The scary part: it's a vivid example of how AI-powered tools can amplify old web vulnerabilities into something far more dangerous. If you use Microsoft 365 in your organization, this is exactly the kind of threat your security team needs to be tracking.
Stay ahead of threats like these with GOCO Security at gocosecurity.com.
.jpg)
Comments
Post a Comment