Washington — Copilot flaw let attackers steal live two-factor authentication codes. A malicious link triggered Copilot to search the victim's mail and relay the codes via Bing before the guardrail act
Ars Technica