Technology
Why clicking the wrong Copilot link could put your data at risk
NEWYou can now listen to Fox News articles!
AI assistants are supposed to make life easier. Tools like Microsoft Copilot can help you write emails, summarize documents, and answer questions using information from your own account. But security researchers are now warning that a single bad link could quietly turn that convenience into a privacy risk.
A newly discovered attack method shows how attackers could hijack a Copilot session and siphon data without you seeing anything suspicious on screen.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Because Copilot stays tied to your logged-in Microsoft account, attackers can quietly use your active session to access data in the background. (Photo by Donato Fasano/Getty Images)
What researchers discovered about Copilot links
ILLINOIS DHS DATA BREACH EXPOSES 700K RESIDENTS’ RECORDS
Security researchers at Varonis uncovered a technique they call “Reprompt.” In simple terms, it shows how attackers could sneak instructions into a normal-looking Copilot link and make the AI do things on their behalf.
Here’s the part that matters to you. Microsoft Copilot is connected to your Microsoft account. Depending on how you use it, Copilot can see your past conversations, things you’ve asked it and certain personal data tied to your account. Normally, Copilot has guardrails to prevent sensitive information from leaking. Reprompt showed a way around some of those protections.
The attack starts with just one click. If you open a specially crafted Copilot link sent through email or a message, Copilot can automatically process hidden instructions embedded inside the link. You don’t need to install anything, and there are no pop-ups or warnings. After that single click, Copilot can keep responding to instructions in the background using your already logged-in session. Even closing the Copilot tab does not immediately stop the attack, because the session stays active for a while.
How Reprompt works
Varonis found that Copilot accepts questions through a parameter inside its web address. Attackers can hide instructions inside that address and make Copilot execute them as soon as the page loads.
That alone would not be enough, because Copilot tries to block data leaks. The researchers combined several tricks to get around this. First, they injected instructions directly into Copilot through the link itself. This allowed Copilot to read information it normally shouldn’t share.
Second, they used a “try twice” trick. Copilot applies stricter checks the first time it answers a request. By telling Copilot to repeat the action and double-check itself, the researchers found that those protections could fail on the second attempt.
Third, they showed that Copilot could keep receiving follow-up instructions from a remote server controlled by the attacker. Each response from Copilot helped generate the next request, allowing data to be quietly sent out piece by piece. The result is an invisible back-and-forth where Copilot keeps working for the attacker using your session. From your perspective, nothing looks wrong.
MICROSOFT SOUNDS ALARM AS HACKERS TURN TEAMS PLATFORM INTO ‘REAL-WORLD DANGERS’ FOR USERS
Varonis responsibly reported the issue to Microsoft, and the company fixed it in the January 2026 Patch Tuesday updates. There is no evidence that Reprompt was used in real-world attacks before the fix. Still, this research is important because it shows a bigger problem. AI assistants have access, memory and the ability to act on your behalf. That combination makes them powerful, but also risky if protections fail. As researchers put it, the danger increases when autonomy and access come together.
It’s also worth noting that this issue only affected Copilot Personal. Microsoft 365 Copilot, which businesses use, has extra security layers like auditing, data loss prevention and admin controls.
“We appreciate Varonis Threat Labs for responsibly reporting this issue,” a Microsoft spokesperson told CyberGuy. “We have rolled out protections that address the scenario described and are implementing additional measures to strengthen safeguards against similar techniques as part of our defense-in-depth approach.”
8 steps you can take to stay safe from AI attacks
Even with the fix in place, these habits will help protect your data as AI tools become more common.
1) Install Windows and browser updates immediately
Security fixes only protect you if they’re installed. Attacks like Reprompt rely on flaws that already have patches available. Turn on automatic updates for Windows, Edge, and other browsers so you don’t delay critical fixes. Waiting weeks or months leaves a window where attackers can still exploit known weaknesses.
2) Treat Copilot and AI links like login links
If you wouldn’t click a random password reset link, don’t click unexpected Copilot links either. Even links that look official can be weaponized. If someone sends you a Copilot link, pause and ask yourself whether you were expecting it. When in doubt, open Copilot manually instead.
Even after Microsoft fixed the flaw, the research highlights why limiting data exposure and monitoring account activity still matters as AI tools evolve. (Photographer: Prakash Singh/Bloomberg via Getty Images)
3) Use a password manager to protect your accounts
A password manager creates and stores strong, unique passwords for every service you use. If attackers manage to access session data or steal credentials indirectly, unique passwords prevent one breach from unlocking your entire digital life. Many password managers also warn you if a site looks suspicious or fake.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
4) Enable two-factor authentication on your Microsoft account
Two-factor authentication (2FA) adds a second layer of protection, even if attackers gain partial access to your session. It forces an extra verification step, usually through an app or device, making it much harder for someone else to act as you inside Copilot or other Microsoft services.
5) Reduce how much personal data exists online
Data broker sites collect and resell personal details like your email address, phone number, home address and even work history. If an AI tool or account session is abused, that publicly available data can make the damage worse. Using a data-removal service helps delete this information from broker databases, shrinking your digital footprint and limiting what attackers can piece together.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
6) Run strong antivirus software on your device
Modern antivirus tools do more than scan files. They help detect phishing links, malicious scripts and suspicious behavior tied to browser activity. Since Reprompt-style attacks start with a single click, having real-time protection can stop you before damage happens, especially when attacks look legitimate.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
7) Regularly review your account activity and settings
Check your Microsoft account activity for unfamiliar logins, locations, or actions. Review what services Copilot can access, and revoke anything you no longer need. These checks don’t take long, but they can reveal issues early, before attackers have time to do serious damage. Here’s how:
Go to account.microsoft.com and sign in to your Microsoft account.
Select Security, then choose View my sign-in activity and verify your identity if prompted.
Review each login for unfamiliar locations, devices, or failed sign-in attempts.
If you see anything suspicious, select This wasn’t me or Secure your account, then change your password immediately and enable two-step verification.
Visit account.microsoft.com/devices and remove any devices you no longer recognize or use.
In Microsoft Edge, open Settings > Appearance > Copilot and Sidebar > Copilot and turn off Allow Microsoft to access page content if you want to limit Copilot’s access.
Review apps connected to your Microsoft account and revoke permissions you no longer need.
A single Copilot link can carry hidden instructions that run the moment you click, without any warning or pop-ups. (iStock)
8) Be specific about what you ask AI tools to do
Avoid giving AI assistants broad authority like “handle whatever is needed.” Wide permissions make it easier for hidden instructions to influence outcomes. Keep requests narrow and task-focused. The less freedom an AI has, the harder it is for malicious prompts to steer it silently.
Kurt’s key takeaway
Reprompt doesn’t mean Copilot is unsafe to use, but it does show how much trust these tools require. When an AI assistant can think, remember and act for you, even a single bad click can matter. Keeping your system updated and being selective about what you click remains just as important in the age of AI as it was before.
Do you feel comfortable letting AI assistants access your personal data, or does this make you more cautious? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Aether OS puts a full-fledged desktop in your browser that ties directly into the AT Protocol. That means it connects to your Bluesky account and other public records. It offers a pretty full suite of apps, 42 in total, covering text editing, task management, and social media. There’s even a rudimentary tracker for making chiptunes, a DAW, and a video editor.
Of course, part of the appeal is also the cyberpunk good looks that draw obvious inspiration from The Matrix.
Right now, the project is in alpha, and there are a lot of rough edges. Documentation is also basically non-existent. So, if you get stuck trying to use an app, you’re kind of SOL. Oh, and nothing is encrypted or permissioned, so be careful what you store — it’s all publicly visible.
NEWYou can now listen to Fox News articles!
If you’ve ever searched for a car on CarGurus, your personal information could now be circulating online. A hacking group known as ShinyHunters has published what it claims are 12.4 million records taken from CarGurus, a popular auto shopping platform used by millions of people each month.
The leaked data includes names, phone numbers, email addresses, physical addresses and even finance pre-qualification details. While most of the records were already exposed in past incidents, about 3.7 million are newly added to the pile. That means fresh data is now freely available for criminals to download.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK
A hacker group known as ShinyHunters claims it leaked 12.4 million records linked to the car shopping platform CarGurus. (Wei Leng Tay/Bloomberg via Getty Images)
What you need to know about the CarGurus breach
The group behind the leak, ShinyHunters, published a 6.1GB file on Feb. 21, claiming it came from CarGurus. The file allegedly contains 12.4 million user records tied to the U.S.-based auto research and shopping platform CarGurus.
CarGurus operates in the U.S., Canada and the U.K., and its website attracts an estimated 40 million monthly visitors. It allows you to compare vehicles, contact sellers, and, in some cases, apply for financing.
According to Have I Been Pwned, which later added the dataset to its breach database, the exposed information includes email addresses, IP addresses, full names, phone numbers, physical addresses, account IDs, dealer details, subscription information and finance pre-qualification application data, along with outcomes.
Have I Been Pwned reports that about 70% of the data had already appeared in previous breaches. Roughly 3.7 million records are new. CarGurus has not released an official statement confirming the incident and did not respond to media requests for comment. ShinyHunters is known for leaking company data when ransom negotiations fail. The group has recently claimed attacks on major brands across telecom, retail, finance, and tech.
How it works and why it matters to you
ShinyHunters typically gains access by tricking employees, not by smashing through firewalls. In past cases, the group used phone calls or fake login pages to convince staff to hand over credentials. Once inside, attackers can quietly access cloud systems that store customer data.
In some campaigns, they also convinced employees to install malicious apps that granted access to customer databases. That means attackers could read stored information without triggering obvious alarms. If this dataset is legitimate, criminals now have detailed personal profiles tied to car shopping and financing activity, which is valuable.
Finance pre-qualification data is especially sensitive. Even if it does not include full Social Security numbers, it signals that you were actively sharing financial details. That makes you a prime target for follow-up scams, identity theft attempts and fake loan offers. Because the data is publicly available for download, it does not take much skill for criminals to start using it.
“We recently experienced a cybersecurity incident,” a CarGurus spokesperson told CyberGuy. “We promptly responded by securing the affected environment, and we are currently working with a leading cybersecurity firm to investigate. Based on the investigation to date, we believe the activity has been contained and limited in scope. Also, at this time, there are no indications that dealer data feeds, APIs, or core systems or products used by our consumers or dealer partners have been compromised. We remain fully operational, and our services continue without interruption. We will notify any affected individuals in accordance with applicable laws.”
DATA BREACH EXPOSES 400,000 BANK CUSTOMERS’ INFO
7 ways you can protect yourself from the CarGurus breach
Here’s what you can do right now to reduce your risk and stay ahead of potential scams tied to this leak.
1) Check if your email and passwords are compromised
To see if your email was affected, visit Have I Been Pwned at haveibeenpwned.com. Enter your email address to find out if your information appears in the CarGurus leak. When done, come back here for Step 2.
The exposed dataset reportedly includes names, emails, phone numbers, addresses and finance pre-qualification details. (Felix Zahn/Photothek via Getty Images)
2) Change your passwords immediately
Start with your most important accounts, such as email, medical and banking. Use strong, unique passwords with letters, numbers and symbols. Avoid predictable choices like names or birthdays. Never reuse passwords. One stolen password can unlock multiple accounts. A password manager makes this simple. It stores complex passwords securely and helps you create new ones. Many managers also scan for breaches to see if your current passwords have been exposed. Use a password manager to generate strong, unique passwords for every account and store them securely. That way, if one account is exposed, criminals can’t use the same password to access the rest of your accounts. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
3) Reduce your online exposure with a data removal service
You can also consider a personal data removal service. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
4) Turn on two-factor authentication
If CarGurus or your email provider offers two-factor authentication (2FA), enable it. This adds a second step, like a code sent to your phone, making it much harder for someone to access your account even if they have your password.
5) Watch for finance-related phishing scams
Be extra cautious with emails or texts about car loans, financing approvals, or dealership follow-ups. Do not click links in unsolicited messages. Instead, contact the company directly using the official contact details you find on their website. Also, use strong antivirus software to block malicious links and downloads that often follow phishing campaigns. If attackers use this leaked data to target you with infected attachments, antivirus protection adds another layer of defense.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
6) Monitor your credit reports
If you applied for financing, check your credit reports for unfamiliar inquiries or new accounts. Early detection can help you stop identity theft before it spirals. Consider placing a credit freeze if you see suspicious activity.
7) Consider identity theft protection
Identity theft protection services can monitor for unusual activity tied to your name, Social Security number, or financial accounts. They can alert you quickly if someone tries to open a new credit card in your name.
See my tips and best picks on Best Identity Theft Protection at Cyberguy.com.
Security experts warn the leaked information could be used for phishing scams, fake loan offers and identity theft. (iStock)
Kurt’s key takeaway
This incident highlights a bigger issue than just one company. When platforms collect detailed financial and personal data, they become high-value targets. If the leaked dataset is authentic, millions of people who were simply shopping for a car now face increased risk of scams. CarGurus has not publicly confirmed a breach. Customers deserve clarity when sensitive financial application data may be involved. Silence only increases uncertainty.
Should companies that collect financing data be required to publicly confirm or deny breaches within a set timeframe? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Shout out to subscriber N_Gorski for today’s pick. They popped into the comments on last week’s recommendation to ask what I thought of the new Sotomayor record. Well, I hadn’t actually heard it yet, but now I’m obsessed.
The group consists of siblings Raul and Paulina Sotomayor from Mexico City. Wabi Sabi is their first record since 2020’s Origenes, and it is pure joy. You can look back through everything I’ve recommended over the last several months, and “fun” is not how you’d describe most of it. But that’s what Wabi Sabi is — it’s fun, chaotic, and dancey as hell.
I was only familiar with Sotomayor before this because of a short documentary about Raul’s various projects made by Ableton. In that video, he discusses how his approach to making music has changed over the years. How he used to try to make things sound “proper” and “clean,” but now it’s about “how much can we distort it” or “how much can we stretch it.”
You can certainly hear that in the music. The first track, “Me dejo llevar,” opens with a synth arpeggio that has clearly been timestretched to within an inch of its life. It’s loaded with digital artifacts. The whole track has a light crust, as if everything is clipping just ever so slightly. “Who’s there” similarly bristles as the edges, sounding like a dance floor constantly on the verge of erupting into a riot.
The vintage electronic drum hits, droning bass, and reverb-drenched noise stabs never reach full catharsis, but simmer beautifully into album highlight “Vida.” Here, Paulina finds a sultry gear as she croons over a UK garage-inflected track that eventually erupts into an afrohouse club banger.
Wabi Sabi ricochets between genres with infectious abandon. Afrobeat, cumbia, electro pop, R&B, and more all collide in what is easily the most fun album of 2026 so far. What makes it all the more impressive is that, for all its unconventional sounds (a donkey jaw?) and stylistic excursions, Sotomayor still has a distinct vision that holds the record together.
At no point does the chaos threaten to overwhelm. Never does it feel like the duo are simply throwing things at the wall to see what sticks; everything is a carefully made decision in service of the party. The gently meandering guitar of “Yo se todo de ti,” the classic house of “Todo se derrumba,” and the dancehall of “Prende la palma” all feel unified by Paulina’s undeniable charisma on the mic and Raul’s uninhibited sonic curiosity.
Unbeaten UConn joined by Texas, UCLA and South Carolina as No. 1 seeds for women’s NCAA Tournament
Cold temperatures settle across Utah before major warm-up
Louisville vs. Vermont game time set for 2026 NCAA Tournament opener
How to buy Virginia vs. Wright State 2026 March Madness tickets
How to watch Wisconsin vs High Point in NCAA Tournament: Time, TV, odds
Florida High School Football Rankings: Top 25 teams – Oct. 21
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
99th annual Pony Swim held in Virginia
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Top DHS official calls citizenship test ‘too soft’ as terror attacks renew scrutiny of vetting
Ministers to discuss extending EU naval mission to Strait of Hormuz
Hawaii faces flash flooding, blizzard conditions and landslides with more rain to come
Top California librarian questioned about missing $650K tied to Dolly Parton child literacy program
Jamal Rayyan, the first face of Al Jazeera, dies at 73
-
Detroit, MI1 week agoU.S. Postal Service could run out of money within a year
-
Oklahoma1 week agoOSSAA unveils Class 6A-2A basketball state tournament brackets, schedule
-
Michigan6 days agoOperation BBQ Relief helping with Southwest Michigan tornado recovery
-
Oklahoma1 day agoFamily rallies around Oklahoma father after head-on crash
-
Southeast6 days ago‘90 Day Fiancé’ alum’s boyfriend on trial for attempted murder over wild ‘Boca Bash’ accusations
-
Health1 week agoAncient herb known as ‘nature’s Valium’ touted for improving sleep and anxiety
-
Nebraska3 days agoWildfire forces immediate evacuation order for Farnam residents
-
Business1 week agoCommentary: In two new court cases, judges find that AI does not have human intelligence