News

First Known Zero-Click AI Exploit: Microsoft 365 Copilot’s ‘EchoLeak’ Flaw
Security researchers uncovered “EchoLeak,” a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user action. Microsoft has mitigated the vulnerability.
Infosecurity Magazine4d
Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows Corporate Data Theft
Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple ...
The Hacker News4d
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
Critical zero-click AI vulnerability EchoLeak exposed sensitive Microsoft 365 Copilot data; Microsoft patched it to prevent ...
SecurityWeek5d
‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot
Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data ...
Critical vulnerability in Microsoft 365 Copilot shows risk of AI agents
The M365 AI agent could be tricked into releasing sensitive information via email and without a mouse click. Microsoft has ...
WinBuzzer1d
Microsoft 365 Copilot: Critical ‘EchoLeak’ Flaw Turned Microsoft’s Own AI Into Data Thief
Microsoft has patched the critical 'EchoLeak' vulnerability in Microsoft 365 Copilot, a flaw that allowed attackers to ...
Microsoft 365 Copilot’s Data Exposed – Hit by Zero-Click Vulnerability
Security researchers at Aim Security discovered "EchoLeak", the first known zero-click artificial intelligence (AI) ...
CSO Online5d
First-ever zero-click attack targets Microsoft 365 Copilot
A single email can silently trigger Copilot to exfiltrate sensitive corporate data — no clicks, no warnings, no user action.
How To Conduct Red Teaming Of AI Copilots
Here, I'll outline how CISOs can assign red teams to hunt for such files, some examples of real-world findings and suggested ...