Tagged #win-drv
June 17, 2026
Microsoft 365 Copilot 'SearchLeak' Enables One-Click Data Theft as Novo Nordisk Loses Internal AI Models to Extortionists
A critical day for AI and enterprise security: Microsoft 365 Copilot was patched for the "SearchLeak" one-click exfiltration vulnerability (CVE-2026-42824), while Novo Nordisk confirmed a breach exposing trained AI models and proprietary training data to extortionists. Multiple actively-exploited flaws emerged in Fortinet FortiSandbox, Joomla JCE, Cisco Catalyst SD-WAN Manager, LiteSpeed cPanel, and Palo Alto GlobalProtect, alongside supply-chain compromises affecting Arch Linux AUR, JetBrains Marketplace, and npm packages. Major APTs including UNC6508, SprySOCKS (FishMonger), ScarCruft, and SideCopy expanded targeting of medical research, defense, and developer communities.