{"id":127942,"date":"2025-10-25T23:34:31","date_gmt":"2025-10-25T18:04:31","guid":{"rendered":"https:\/\/www.techworm.net\/?p=127942"},"modified":"2025-10-25T23:34:31","modified_gmt":"2025-10-25T18:04:31","slug":"cophish-attack-steals-microsoft-oauth-tokens","status":"publish","type":"post","link":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html","title":{"rendered":"CoPhish Attack Exploits Copilot Studio Agents to Steal Microsoft OAuth Tokens"},"content":{"rendered":"<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">A newly identified phishing technique known as\u00a0<strong>\u201cCoPhish\u201d<\/strong>\u00a0exploits Microsoft Copilot Studio agents to deliver deceptive OAuth consent prompts through legitimate Microsoft domains.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Researchers at\u00a0<strong>Datadog Security Labs<\/strong>\u00a0discovered the method, warning that Copilot Studio\u2019s high level of customization can unintentionally create new phishing vectors.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">While the attack depends primarily on\u00a0<strong>social engineering<\/strong>, Microsoft confirmed that it is working on a fix.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">A company spokesperson stated that Microsoft is \u201ctaking action to address it through future product updates\u201d and remains focused on strengthening consent governance and implementing extra safeguards to prevent misuse.<\/p>\n<h3><strong>How OAuth Tokens Work<\/strong><\/h3>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">In an OAuth consent phishing attack targeting Microsoft Entra ID, an adversary registers a malicious application that requests permissions to 
access or control a victim\u2019s data. The attacker then tricks the user into granting consent through Entra ID\u2019s legitimate application consent process.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Once consent is granted, the platform issues an access token with those permissions and redirects it to a URL controlled by the attacker.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">This token can then be used to impersonate the victim, view emails, or access sensitive corporate resources.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Microsoft provides a detailed breakdown of this attack chain and its mitigations in its\u00a0<a class=\"reset interactable cursor-pointer decoration-1 underline-offset-1 text-super hover:underline font-semibold\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/09\/22\/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-wpel-link=\"external\"><span class=\"text-box-trim-both\">official security blog.<\/span><\/a><\/p>\n<h3><strong>How it Works<\/strong><\/h3>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Once a malicious Copilot Studio agent\u2019s demo page is activated, attackers can share its link through phishing emails or Microsoft Teams messages.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Because the URL is hosted on an official Microsoft domain and visually resembles a legitimate Copilot page, victims may easily mistake it for a real service.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Datadog\u2019s Chris Knowles noted that a subtle clue, the \u201cMicrosoft 
Power Platform\u201d icon, could hint that something is amiss, though many users would likely overlook it.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">When a victim clicks the login button and grants permissions, they are redirected through the legitimate Copilot authentication service at <code>token.botframework.com<\/code>.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Although this appears to be a standard Microsoft sign-in flow, the session token is covertly captured and forwarded to the attacker using tools such as Burp Collaborator, allowing the threat actor to hijack the session seamlessly.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Because all authentication traffic is routed through Microsoft\u2019s infrastructure, it appears trustworthy and leaves no trace of suspicious activity in network logs.<\/p>\n<p class=\"my-2 [&amp;+p]:mt-4 [&amp;_strong:has(+br)]:inline-block [&amp;_strong:has(+br)]:pb-2\">Datadog\u2019s researchers detailed this entire exploit path, from the victim\u2019s interaction with the malicious Copilot agent to the attacker\u2019s receipt of the stolen token, in their analysis of the CoPhish attack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A newly identified phishing technique known as\u00a0\u201cCoPhish\u201d\u00a0exploits Microsoft Copilot Studio agents to deliver deceptive OAuth consent prompts through legitimate Microsoft domains. Researchers at\u00a0Datadog Security Labs\u00a0discovered the method, warning that Copilot Studio\u2019s high level of customization can unintentionally create new phishing vectors. 
While the attack depends primarily on\u00a0social engineering, Microsoft confirmed that it is working on [&hellip;]<\/p>\n","protected":false},"author":56,"featured_media":127947,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[91],"tags":[64586,64584,64585],"class_list":{"0":"post-127942","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-microsoft","8":"tag-cophish-attack","9":"tag-copilot-studio","10":"tag-microsoft-oauth-tokens"},
"yoast_head_json":{"title":"CoPhish Attack Exploits Copilot Studio Agents to Steal Microsoft OAuth Tokens &#187; TechWorm","description":"A newly identified phishing technique known as\u00a0\u201cCoPhish\u201d\u00a0exploits Microsoft Copilot Studio agents to deliver deceptive OAuth consent prompts through A new phishing method called CoPhish exploits Microsoft Copilot Studio agents to steal OAuth tokens via authentic Microsoft domains. 
Discovered by Datadog Security Labs, it tricks users into granting malicious app permissions, enabling attackers to access sensitive data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html","og_locale":"en_US","og_type":"article","og_title":"CoPhish Attack Exploits Copilot Studio Agents to Steal Microsoft OAuth Tokens","og_description":"A newly identified phishing technique known as\u00a0\u201cCoPhish\u201d\u00a0exploits Microsoft Copilot Studio agents to deliver deceptive OAuth consent prompts through","og_url":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html","og_site_name":"TechWorm","article_publisher":"https:\/\/www.facebook.com\/techworm.in","article_author":"https:\/\/www.facebook.com\/amaan.rizwan","article_published_time":"2025-10-25T18:04:31+00:00","og_image":[{"width":1200,"height":675,"url":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/10\/copilot-studio-attacked-cover.jpg","type":"image\/jpeg"}],"author":"Amaan Rizwan","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/amaanthinks","twitter_site":"@Techworm_in","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html#article","isPartOf":{"@id":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html"},"author":{"name":"Amaan Rizwan","@id":"https:\/\/www.techworm.net\/#\/schema\/person\/25486878543bf8c3ce1589ca57eb8e1d"},"headline":"CoPhish Attack Exploits Copilot Studio Agents to Steal Microsoft OAuth 
Tokens","datePublished":"2025-10-25T18:04:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html"},"wordCount":406,"commentCount":0,"publisher":{"@id":"https:\/\/www.techworm.net\/#organization"},"image":{"@id":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html#primaryimage"},"thumbnailUrl":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/10\/copilot-studio-attacked-cover.jpg","keywords":["CoPhish Attack","copilot studio","Microsoft OAuth Tokens"],"articleSection":["Microsoft"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/www.techworm.net\/#organization"}},{"@type":"WebPage","@id":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html","url":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html","name":"CoPhish Attack Exploits Copilot Studio Agents to Steal Microsoft OAuth Tokens &#187; TechWorm","isPartOf":{"@id":"https:\/\/www.techworm.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html#primaryimage"},"image":{"@id":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html#primaryimage"},"thumbnailUrl":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/10\/copilot-studio-attacked-cover.jpg","datePublished":"2025-10-25T18:04:31+00:00","description":"A newly identified phishing technique known as\u00a0\u201cCoPhish\u201d\u00a0exploits Microsoft Copilot Studio agents to deliver deceptive OAuth consent prompts through A new phishing method called CoPhish exploits Microsoft Copilot Studio agents to steal OAuth tokens via authentic Microsoft domains. 
Discovered by Datadog Security Labs, it tricks users into granting malicious app permissions, enabling attackers to access sensitive data.","breadcrumb":{"@id":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html#primaryimage","url":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/10\/copilot-studio-attacked-cover.jpg","contentUrl":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/10\/copilot-studio-attacked-cover.jpg","width":1200,"height":675,"caption":"Cophish attack exploits Copilot studio"},{"@type":"BreadcrumbList","@id":"https:\/\/www.techworm.net\/2025\/10\/cophish-attack-steals-microsoft-oauth-tokens.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techworm.net\/"},{"@type":"ListItem","position":2,"name":"Microsoft","item":"https:\/\/www.techworm.net\/category\/microsoft"},{"@type":"ListItem","position":3,"name":"CoPhish Attack Exploits Copilot Studio Agents to Steal Microsoft OAuth Tokens"}]},{"@type":"WebSite","@id":"https:\/\/www.techworm.net\/#website","url":"https:\/\/www.techworm.net\/","name":"TechWorm","description":"The Tech 
Hub","publisher":{"@id":"https:\/\/www.techworm.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techworm.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techworm.net\/#organization","name":"Techworm","url":"https:\/\/www.techworm.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techworm.net\/#\/schema\/logo\/image\/","url":"https:\/\/www.techworm.net\/wp-content\/uploads\/2019\/12\/TECHWORM-FOOTER-LOGO.png","contentUrl":"https:\/\/www.techworm.net\/wp-content\/uploads\/2019\/12\/TECHWORM-FOOTER-LOGO.png","width":300,"height":64,"caption":"Techworm"},"image":{"@id":"https:\/\/www.techworm.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techworm.in","https:\/\/x.com\/Techworm_in","https:\/\/www.instagram.com\/techworm_in\/","https:\/\/www.linkedin.com\/company\/9221219","https:\/\/www.youtube.com\/channel\/UCpa9W_3YE1c9Iu4j2ifxzsg"]},{"@type":"Person","@id":"https:\/\/www.techworm.net\/#\/schema\/person\/25486878543bf8c3ce1589ca57eb8e1d","name":"Amaan Rizwan","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9c05fa10bdc384a3e41daac19ba5543630da9cbdd59672c71f7ecf2a64a3c1b3?s=96&d=wavatar&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9c05fa10bdc384a3e41daac19ba5543630da9cbdd59672c71f7ecf2a64a3c1b3?s=96&d=wavatar&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9c05fa10bdc384a3e41daac19ba5543630da9cbdd59672c71f7ecf2a64a3c1b3?s=96&d=wavatar&r=g","caption":"Amaan Rizwan"},"description":"Anything and everything because titles should not define us. A non-fiction lover. Khalid Hosseini and Ruskin Bond fan. 
Aspiring to be better than yesterday.","sameAs":["https:\/\/www.facebook.com\/amaan.rizwan","https:\/\/x.com\/https:\/\/twitter.com\/amaanthinks"],"url":"https:\/\/www.techworm.net\/author\/amaan"}]}},"jetpack_featured_media_url":"https:\/\/www.techworm.net\/wp-content\/uploads\/2025\/10\/copilot-studio-attacked-cover.jpg","_links":{"self":[{"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/posts\/127942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/users\/56"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/comments?post=127942"}],"version-history":[{"count":0,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/posts\/127942\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/media\/127947"}],"wp:attachment":[{"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/media?parent=127942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/categories?post=127942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techworm.net\/wp-json\/wp\/v2\/tags?post=127942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}