Critical 0-Click Microsoft Excel Security Bug Lets Copilot Steal Data

Excel users are warned to update now, as a critical vulnerability has been confirmed that can lead to “zero-click information disclosure” via Copilot AI Agent.

A 'fascinating' Microsoft Excel security flaw teams up spreadsheets and Copilot Agent to steal data

There's more than one way to skin an Excel table, and this one abuses Copilot.
ZDNet

Second zero-day Excel flaw emerges

Attack code for a new security hole in Excel has surfaced on the Internet, just as Microsoft is scrambling to respond to a separate bug in the spreadsheet program. The latest vulnerability could cause ...
Bleeping Computer

Microsoft is disabling Excel 4.0 macros by default to protect users

Microsoft will soon begin disabling Excel 4.0 XLM macros by default in Microsoft 365 tenants to protect customers from malicious documents. Excel 4.0 macros, or XLM macros, were first added to Excel ...
Threat Post

Trojan exploiting Excel zero-day flaw

Reports have been circulating in the last couple of days about an unpatched vulnerability in Microsoft Excel, and the software giant has now confirmed the problem. The flaw allows attackers to run ...
Bleeping Computer

Microsoft disables Excel 4.0 macros by default to block malware

Microsoft has announced that Excel 4.0 (XLM) macros will now be disabled by default to protect customers from malicious documents. In October, the company first revealed in a Microsoft 365 message ...