Security researchers uncovered “EchoLeak,” a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user ...

Microsoft has patched the critical 'EchoLeak' vulnerability in Microsoft 365 Copilot, a flaw that allowed attackers to ...

Researchers have discovered the very first Zero-Click weak point in a AI assistant. Microsoft 365 Copilot allowed attackers ...

Critically, according to Aim’s researchers, all of this happens behind the scenes. Users themselves don’t have to open the ...

Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple ...

A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive ...

EchoLeak affected Microsoft 365 Copilot, the AI assistant integrated across several Office applications, including Word, ...

Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data ...

Microsoft 365 Copilot, the AI tool built into Microsoft Office workplace applications including Word, Excel, Outlook, ...

Critical zero-click AI vulnerability EchoLeak exposed sensitive Microsoft 365 Copilot data; Microsoft patched it to prevent ...

A single email can silently trigger Copilot to exfiltrate sensitive corporate data — no clicks, no warnings, no user action.

For example, Copilot being able to connect to OneDrive and retrieving data from a file stored there to answer a user query would be considered an agentic action. As per the researchers, the attack was ...