Tag
high
advisory
M365 or Entra ID Identity Sign-in from a Suspicious Source
2 rules 1 TTP
This rule correlates successful Entra ID or Microsoft 365 mail sign-in events with network security alerts by source address, indicating potential initial access via compromised credentials.
Entra ID +1
initial-access
cloud
entra-id
m365
high
advisory
CVE-2026-42893: M365 Copilot Command Injection Vulnerability
1 rule 1 TTP 1 CVE
CVE-2026-42893 is a command injection vulnerability in M365 Copilot that allows an unauthorized attacker to perform tampering over a network.
M365 Copilot
command-injection
cve
m365
copilot
high
advisory
Microsoft 365 Copilot Jailbreak Attempts via Prompt Injection
3 rules
The detection identifies attempts to jailbreak Microsoft 365 Copilot through prompt injection techniques that try to circumvent built-in safety controls by manipulating rules, bypassing system commands, or requesting AI impersonation.
M365 Copilot
prompt-injection
ai-jailbreak
m365
copilot