Security researchers uncovered “EchoLeak,” a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user ...

Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data ...

Microsoft 365 Copilot, the AI tool built into Microsoft Office workplace applications including Word, Excel, Outlook, ...

A critical AI vulnerability, 'EchoLeak,' was discovered in Microsoft 365 Copilot by Aim Labs researchers in January 2025.

A single email can silently trigger Copilot to exfiltrate sensitive corporate data — no clicks, no warnings, no user action.

Researchers have said that Microsoft Copilot had a critical zero-click AI vulnerability that was fixed before hackers stole ...

Security researchers at Aim Security discovered "EchoLeak", the first known zero-click artificial intelligence (AI) ...

A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction.

For example, Copilot being able to connect to OneDrive and retrieving data from a file stored there to answer a user query would be considered an agentic action. As per the researchers, the attack was ...

It didn’t start with a ransom note, there were no system crashes, no screens held hostage.Just an AI assistant, Microsoft ...

Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user ...

EchoLeak affected Microsoft 365 Copilot, the AI assistant integrated across several Office applications, including Word, ...