Security researchers uncovered “EchoLeak,” a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user action. Microsoft has mitigated the vulnerability.

Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple ...

Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data ...

Critical zero-click AI vulnerability EchoLeak exposed sensitive Microsoft 365 Copilot data; Microsoft patched it to prevent ...

A single email can silently trigger Copilot to exfiltrate sensitive corporate data — no clicks, no warnings, no user action.

Microsoft has patched the critical 'EchoLeak' vulnerability in Microsoft 365 Copilot, a flaw that allowed attackers to ...

Security researchers at Aim Security discovered "EchoLeak", the first known zero-click artificial intelligence (AI) ...

The M365 AI agent could be tricked into releasing sensitive information via email and without a mouse click. Microsoft has ...

Aim Security launches Aim Labs with groundbreaking research detailing the first-of-its-kind "zero-click" attack chain on an ...

While AI-powered identity verification can improve security and usability, these tools also pose concerns about privacy and ...

Here, I'll outline how CISOs can assign red teams to hunt for such files, some examples of real-world findings and suggested ...