A recently patched vulnerability in Microsoft 365 Copilot Enterprise allowed attackers to steal sensitive organizational data, including authentication codes and corporate files, through a single click on a legitimate Microsoft link.