{"id":60291,"date":"2026-03-10T20:35:16","date_gmt":"2026-03-10T20:35:16","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/"},"modified":"2026-03-10T20:35:16","modified_gmt":"2026-03-10T20:35:16","slug":"critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/","title":{"rendered":"Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack"},"content":{"rendered":"<p>After a whopper of a <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2026\/02\/10\/microsofts_valentines_gift_to_admins\/\">Patch Tuesday last month<\/a>, with six Microsoft flaws exploited as zero-days, March didn&#8217;t exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we&#8217;re sure is a welcome change to sysadmins.<\/p>\n<p>Another eight of the <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2026-Mar\">83 Microsoft CVEs<\/a> are considered critical, and one of these &#8211; to quote Zero Day Initiative chief bug hunter Dustin Childs &#8211; is &#8220;fascinating.&#8221; Plus, it&#8217;s got an <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2026\/03\/09\/mckinsey_ai_chatbot_hacked\/\">AI-attack component<\/a>, so we&#8217;re going to start with it.<\/p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-26144\">CVE-2026-26144<\/a> is a critical-severity information disclosure vulnerability in Microsoft Excel. This cross-site scripting flaw can be exploited to &#8220;cause Copilot Agent mode to exfiltrate data via unintended network egress, enabling a zero-click information disclosure attack,&#8221; Redmond warned.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Yes, you read that right: a zero-click bug that weaponizes an Excel spreadsheet and the Copilot Agent to steal data. As Childs <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.zerodayinitiative.com\/blog\/2026\/3\/10\/the-march-2026-security-update-review\">notes<\/a>, it&#8217;s &#8220;an attack scenario we&#8217;re likely to see more often.&#8221;&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>This bug requires network access to exploit, but no user interaction or privilege escalation.<\/p>\n<p>&#8220;Information disclosure vulnerabilities are especially dangerous in corporate environments where Excel files often contain financial data, intellectual property, or operational records,&#8221; Action1 CEO and co-founder Alex Vovk told <em>The Register<\/em>. &#8220;If exploited, attackers could silently extract confidential information from internal systems without triggering obvious alerts.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Patch this one sooner, and if you must delay patch deployment, Vovk suggests restricting outbound network traffic from Office applications, monitoring unusual network requests generated by Excel processes, and disabling or limiting Copilot Agent until applying the fix.<\/p>\n<h3 class=\"crosshead\">Two known \u2026 but not under exploitation<\/h3>\n<p>The two Microsoft bugs listed as publicly known, but not exploited at the time of disclosure include <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-26127\">CVE-2026-26127<\/a>, an out-of-bounds read issue in .NET that allows an unauthorized attacker to deny service over a network. Despite it being publicly disclosed, Redmond deems &#8220;exploitation unlikely.&#8221;<\/p>\n<p>Plus, <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-21262\">CVE-2026-21262<\/a>, also publicly known, is due to improper access control in SQL Server that allows an authorized attacker to elevate privileges over a network. Microsoft said that this one is &#8220;less likely&#8221; to be exploited in the wild.<\/p>\n<p>Of the eight critical-rated CVEs, two &#8211; <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-26110\">CVE-2026-26110<\/a> and <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-26113\">CVE-2026-26113<\/a> &#8211; are Office remote code execution bugs that can be triggered via the Preview Pane, meaning a user may not need to fully open a malicious file for an attacker to exploit the system.<\/p>\n<h3 class=\"crosshead\">Beware the Preview Pane<\/h3>\n<p>&#8220;When a simple document preview can trigger code execution, attackers gain a doorway directly into the system,&#8221; Jack Bicer, director of vulnerability research at Action1, told <em>The Register<\/em>.&nbsp;<\/p>\n<p>As Childs notes, these have become increasingly common over the last year. &#8220;It&#8217;s just a matter of time until they start appearing in active exploits,&#8221; he said.<\/p>\n<p>CVE-2026-26110 is a type confusion flaw in Microsoft Office that allows a remote attacker to execute code locally. Type confusion occurs when an application accesses a resource using an incompatible data type, causing incorrect memory handling.<\/p>\n<p>CVE-2026-26113 is caused by an untrusted pointer dereference flaw in Microsoft Office, which also allows remote attackers to execute code locally. &#8220;The issue occurs when Microsoft Office improperly handles memory pointers, potentially allowing an attacker to manipulate how the application accesses memory,&#8221; Bicer said. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2026\/03\/10\/zeroclick_microsoft_info_disclosure_bug\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Could steal sensitive personal and financial data After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn&#8217;t exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we&#8217;re sure is a welcome change to sysadmins.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-60291","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-10T20:35:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack\",\"datePublished\":\"2026-03-10T20:35:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/\"},\"wordCount\":564,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/\",\"name\":\"Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2026-03-10T20:35:16+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/","og_locale":"en_US","og_type":"article","og_title":"Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-03-10T20:35:16+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack","datePublished":"2026-03-10T20:35:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/"},"wordCount":564,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/","url":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/","name":"Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2026-03-10T20:35:16+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2abCEsYXSIUVz_DvtUVK48AAAAEY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/critical-microsoft-excel-bug-weaponizes-copilot-agent-for-zero-click-information-disclosure-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60291"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60291\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}