Datadog

Datadog Security Labs disclosed “CoPhish,” a phishing method that uses Microsoft Copilot Studio agents and legitimate Microsoft-hosted demo pages to deliver fraudulent OAuth consent flows and harvest session tokens; Microsoft says it will address the issue in a future update and both vendors recommend tightening admin privileges and consent policies.