A new phishing technique dubbed ‘CoPhish’ weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and