NRG Networks Inc.

  One‑Click Microsoft 365 Copilot Flaw (June 2026) A critical vulnerability chain —nicknamed “SearchLeak” —was disclosed on June 15, 2026 , affecting Microsoft 365 Copilot Enterprise Search. It allowed data exfiltration with just a single click on a trusted Microsoft link . What made this flaw dangerous? ✅ One click only – no prompt, no login trick, no second interaction required ✅ Legitimate Microsoft URL – bypassed phishing filters and URL protections ✅ Access to everything Copilot can see – email, files, calendar, SharePoint, OneDrive ✅ Could expose sensitive data like MFA codes, email subjects, and documents How the attack worked (simplified) The exploit combined three separate weaknesses into one chain : 1) Parameter‑to‑Prompt Injection (AI-specific flaw) Copilot accepts a q parameter in URLs for search queries Attackers embed malicious instructions inside that parameter When clicked, Copilot executes them as if the user typed them 👉 Example: a link tells Copilot to...

  Kodak hit by ShinyHunters (June 2026) Target: kodak.com Date discovered: June 15, 2026 Attack type: Data theft + extortion (ransomware-style “pay or leak”) Reported impact ~2.2 million records allegedly stolen Data includes: Customer PII (personally identifiable info) Internal corporate data Extortion message ShinyHunters is doing what they always do: Issued a deadline (June 18, 2026) Threat: pay or they leak everything publicly Context — why this keeps happening This isn’t a one-off. In 2026 alone: ShinyHunters has hit 40+ organizations and stolen hundreds of millions of records They specialize in: Cloud/service misconfigs Credential phishing Zero-day exploits Straight data exfiltration + extortion (no encryption needed)  Their model is simple: Steal data → prove it → demand payment → leak if ignored. What makes this Kodak breach notable Kodak is a legacy brand with large customer/customer-history datasets 2M+ records means: likely customer contact data possibly histori...