Security researchers Aim Labs discovered an LLM Scope Violation flaw in Microsoft 365 Copilot The critical-severity bug ...

A single email can silently trigger Copilot to exfiltrate sensitive corporate data — no clicks, no warnings, no user action.

Aim Labs recently shared findings about the first-ever zero-click AI attack impacting Microsoft 365 Copilot, though there's ...

Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data ...

Critical zero-click AI vulnerability EchoLeak exposed sensitive Microsoft 365 Copilot data; Microsoft patched it to prevent ...

Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user ...

EchoLeak affected Microsoft 365 Copilot, the AI assistant integrated across several Office applications, including Word, ...

Security researchers uncovered “EchoLeak,” a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user action. Microsoft has mitigated the vulnerability.

A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction.

Security researchers at Aim Security discovered "EchoLeak", the first known zero-click artificial intelligence (AI) ...

Critically, according to Aim’s researchers, all of this happens behind the scenes. Users themselves don’t have to open the ...