CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...