Speaker Mike Johnson’s announcement at the Congressional Hackathon that the U.S. House will begin a staged pilot giving thousands of House staffers access to Microsoft Copilot marks a dramatic reversal of last year’s ban and opens a high‑stakes test of how a legislative body adopts generative AI...
ai governance
audit logging
azure government
congressional ai
copilot
dataexfiltration
data protection
data residency
dod impact level
fedramp
fedramp high
gcc high
government ai
least privilege
microsoft copilot
procurement
rbac
role based access
The House of Representatives has quietly moved from prohibition to adoption: according to an Axios briefing shared with reporters, the House will begin rolling out Microsoft Copilot for members and staff as part of a broader push to modernize the chamber and integrate artificial intelligence...
ai governance
ai in congress
ai in government
ai modernization
ai-governance
audit logging
audit logs
audit-logs
auditability
auditing
azure government
azure openai
azure-government
cao
cao-security-guidance
capitol security
cloud tenancy
cloud-security
compliance
congress
congress ai pilot
congress ai policy
congressional hackathon
congressional staff
congressional tech
congressional-hackathon
constituent services
contract-terms
copilot
copilot rollout
cyber policy
cybersecurity
dataexfiltration
data governance
data privacy
data protection
data protections
data residency
data-privacy
data-protection
data-records
data-security
digital government
digital modernization
dod-il
enterprise ai
enterprise-ai
federal-it
fedramp
fedramp high
foia
gcc high
gcc-high
generative-ai
governance
governance and compliance
governance controls
governance-controls
government ai
government ai adoption
government cloud
government it
government-ai
govtech
gsa
gsa onegov
gsa-onegov
house
house of representatives
house-of-representatives
human-in-the-loop
immutable logs
independent audits
inspector general
legislative it
legislative technology
microsoft
microsoft 365
microsoft 365 copilot
microsoft copilot
microsoft-365-copilot
microsoft-copilot
non-training
non-training clause
non-training clauses
onegov
oversight
pilot program
pilot-program
policy
policy governance
policy transparency
privacy
procurement
procurement reform
public sector ai
public trust
public-sector-ai
rbac
records management
records retention
records-retention
red team testing
security
security controls
staff productivity
staff-productivity
tenancy
transparency
us congress
us house
windows-copilot
workflow automation
The U.S. House of Representatives is moving from prohibition to pilot: beginning this fall, a limited rollout will make Microsoft Copilot available to Members of Congress and a subset of House staffers under a one‑year pilot that promises “heightened legal and data protections,” expands access...
ai in government
audit logging
constituent services
cybersecurity
dataexfiltration
data protection
federal ai governance
fedramp compliance
governance and oversight
house copilot pilot
legislative drafting
microsoft 365 integration
microsoft copilot
public sector ai procurement
risk management
third-party assessments
training and certification
vendor lock-in
workflow modernization
Australia’s small businesses face a sharp security cliff this month as Microsoft ends mainstream support for Windows 10, and researchers warn that a parallel surge in AI‑enabled attack techniques is widening the window of opportunity for criminals — a risk compounded by many organisations...
ai driven security
ai governance
australian smbs
copilot echoleak
copilot zero click
dataexfiltration
data privacy
echoleak
enterprise ai tools
free ai tools
llm security
patch management
prompt injection
smb security
windows 10 end of support
windows 10 esu
windows 11 upgrade
Australia faces a sharpened cyber‑risk horizon as Microsoft prepares to stop mainstream support for Windows 10 on October 14, 2025, at the same moment hackers are being handed increasingly powerful tools — and a new HP–Microsoft study warns many small and medium businesses are making themselves...
ai governance
ai governance policies
australian smbs
copilot echoleak
cve-2025-32711
dataexfiltration
device replacement
end of support
enterprise ai security
esu
esu enrollment
extended security updates
hardware refresh
public ai risks
ransomware risk
smb cybersecurity
windows 10
windows 10 end of support
windows 10 esu
windows 11 migration
Zenity’s expanded partnership with Microsoft plugs real-time, inline security directly into Microsoft Copilot Studio agents — a move that promises to make agentic AI safer for widespread enterprise use while raising new operational and architectural questions for security teams. The...
Microsoft’s Copilot for Microsoft 365 was supposed to make AI agents safer to run at enterprise scale; instead, recent reports show a control-plane failure that left some agents discoverable and installable despite tenant-level policy locks—forcing administrators into time-consuming, per-agent...
Microsoft quietly patched a vulnerability in Microsoft 365 Copilot that allowed the assistant to read and summarize enterprise files without producing the expected Purview audit entry — a gap that, if exploited, could let insiders or attackers extract sensitive data while leaving no trace in...
A security researcher’s routine Copilot query revealed a startling blind spot in Microsoft’s logging: under certain prompts, Copilot could return file summaries without leaving the expected Purview audit entry — and, according to the researcher, Microsoft quietly rolled out a fix without issuing...
Microsoft’s Copilot may have closed an eye‑catching zero‑click hole, but a quieter — and arguably more dangerous — problem has been bubbling under the surface: Copilot and related AI components are not reliably creating the audit trails organizations depend on for compliance and forensics. That...
Popular generative‑AI browser assistants can and do sweep up deeply personal data from ordinary web sessions — including health records, bank details and even social‑security numbers — and forward that content to remote servers where it can be tracked, profiled and reused in ways most users...
ai browser extensions
audit study
consent management
cross-site tracking
dataexfiltration
data minimization
dom data
enterprise security
explicit consent
ferpa
form data leakage
gdpr
genai
hipaa
local inference
privacy
privacy by design
regulatory compliance
server-side inference
third-party analytics
Zenity Labs’ Black Hat presentation unveiled a dramatic new class of threats to enterprise AI: “zero‑click” hijacking techniques that can silently compromise widely used agents and assistants — from ChatGPT to Microsoft Copilot, Salesforce Einstein, and Google Gemini — allowing attackers to...
Here is a concise and professional edit and summary for the article "Zenity Labs Exposes Widespread 'AgentFlayer' Vulnerabilities Allowing Silent Hijacking of Major Enterprise AI Agents Circumventing Human Oversight" from CNHI News:
Zenity Labs Uncovers Major 'AgentFlayer' Vulnerabilities...
agentflayer
ai attack mitigation
ai autonomous threats
ai exploits
ai governance
ai hijacking
ai security
ai vulnerabilities
black hat 2025
cyber defense
cyber threats
cybersecurity
dataexfiltration
enterprise ai
enterprise security
security breaches
security research
tech disclosures
threat detection
zero-click exploits
A seismic shift has rocked the enterprise AI landscape as Zenity Labs' latest research unveils a wave of vulnerabilities affecting the industry's most prolific artificial intelligence agents. Ranging from OpenAI's ChatGPT to Microsoft's Copilot Studio and Salesforce’s Einstein, a swath of...
ai agents
ai attack surface
ai risk management
ai security
ai threat detection
ai vulnerabilities
ai vulnerabilities 2025
automated threats
black hat usa 2025
cybersecurity
dataexfiltration
enterprise ai
enterprise cybersecurity
incident response
prompt injection
security best practices
security patches
workflow hijacking
zenity labs
zero-click exploits
Large language models are propelling a new era in digital productivity, transforming everything from enterprise applications to personal assistants such as Microsoft Copilot. Yet as enterprises and end-users rapidly embrace LLM-based systems, a distinctive form of adversarial risk—indirect...
adversarial attacks
ai defense
ai ethics
ai governance
ai safety
ai security
ai vulnerabilities
cybersecurity
dataexfiltration
generative ai
large language models
llm risks
microsoft copilot
model robustness
openai
prompt engineering
prompt injection
prompt shields
security best practices
threat detection
Microsoft’s SharePoint platform has long been regarded as an indispensable piece of enterprise infrastructure, relied upon by thousands of government agencies, universities, and businesses worldwide to facilitate collaboration, document management, and internal communications. Yet news broke...
In a rapidly evolving threat landscape, where industrial control systems and infrastructure software are prime targets, the security of device management platforms is more critical than ever. Newly disclosed vulnerabilities in widely used applications can lead to devastating chain reactions — a...
Microsoft has recently issued an urgent alert regarding active cyberattacks targeting on-premises SharePoint servers, a critical platform for document sharing and collaboration within organizations. These attacks exploit a previously unknown "zero-day" vulnerability, designated as...
The UK's National Cyber Security Centre (NCSC) has recently disclosed a sophisticated cyber-espionage campaign orchestrated by the Russian state-sponsored group APT28, also known as Fancy Bear. This campaign employs a malware strain dubbed "Authentic Antics" to infiltrate Microsoft 365 accounts...
The UK National Cyber Security Centre (NCSC) has formally attributed the 'Authentic Antics' malware attacks to APT28, also known as Fancy Bear, a threat actor linked to Russia's military intelligence service (GRU). This sophisticated malware campaign targets Microsoft 365 users, aiming to steal...