Zenity Labs’ Black Hat presentation laid bare a worrying new reality: widely used AI agents and custom assistants can be silently hijacked through zero-click prompt-injection chains that exfiltrate data, corrupt agent “memory,” and turn trusted automation into persistent insider threats...
Here is a concise and professional edit and summary for the article "Zenity Labs Exposes Widespread 'AgentFlayer' Vulnerabilities Allowing Silent Hijacking of Major Enterprise AI Agents Circumventing Human Oversight" from CNHI News:
Zenity Labs Uncovers Major 'AgentFlayer' Vulnerabilities...
agentflayer
ai autonomous threats
ai governance
ai hijacking
ai security
ai threat landscape
ai vulnerabilities
black hat 2025
cyber defense
cyber threats
cybersecurity
dataexfiltration
enterprise ai
enterprise security
security breach
security research
tech disclosures
threat detection
zero-click attack
A seismic shift has rocked the enterprise AI landscape as Zenity Labs' latest research unveils a wave of vulnerabilities affecting the industry's most prolific artificial intelligence agents. Ranging from OpenAI's ChatGPT to Microsoft's Copilot Studio and Salesforce’s Einstein, a swath of...
ai
ai risks
ai security
ai vulnerabilities
attack surface
automated threats
black hat 2025
cybersecurity
dataexfiltration
enterprise ai
incident response
prompt injection
security best practices
security updates
threat detection
workflow hijacking
zenity labs
zero-click attack
Large language models are propelling a new era in digital productivity, transforming everything from enterprise applications to personal assistants such as Microsoft Copilot. Yet as enterprises and end-users rapidly embrace LLM-based systems, a distinctive form of adversarial risk—indirect...
adversarial attacks
ai ethics
ai governance
ai in defense
ai security
ai vulnerabilities
cybersecurity
dataexfiltration
generative ai
large language models
llm safety
microsoft copilot
openai
prompt engineering
prompt injection
prompt shields
robustness
security best practices
threat detection
Microsoft’s SharePoint platform has long been regarded as an indispensable piece of enterprise infrastructure, relied upon by thousands of government agencies, universities, and businesses worldwide to facilitate collaboration, document management, and internal communications. Yet news broke...
In a rapidly evolving threat landscape, where industrial control systems and infrastructure software are prime targets, the security of device management platforms is more critical than ever. Newly disclosed vulnerabilities in widely used applications can lead to devastating chain reactions — a...
Microsoft has recently issued an urgent alert regarding active cyberattacks targeting on-premises SharePoint servers, a critical platform for document sharing and collaboration within organizations. These attacks exploit a previously unknown "zero-day" vulnerability, designated as...
Britain’s cybersecurity landscape is once again in sharp focus after confirmation that the UK’s National Cyber Security Centre (NCSC) has detected a “limited number” of domestic victims in the recent Microsoft hack campaign. While not on the scale of some prior, sweeping incidents, the attack...
The UK's National Cyber Security Centre (NCSC) has recently disclosed a sophisticated cyber-espionage campaign orchestrated by the Russian state-sponsored group APT28, also known as Fancy Bear. This campaign employs a malware strain dubbed "Authentic Antics" to infiltrate Microsoft 365 accounts...
The UK National Cyber Security Centre (NCSC) has formally attributed the 'Authentic Antics' malware attacks to APT28, also known as Fancy Bear, a threat actor linked to Russia's military intelligence service (GRU). This sophisticated malware campaign targets Microsoft 365 users, aiming to steal...
Recent revelations surrounding a critical Local File Inclusion (LFI) vulnerability in Microsoft 365’s Export to PDF functionality have cast an intense spotlight on the hidden complexities and lingering security risks inherent even in feature-rich, enterprise-grade cloud platforms. The...
api exploitation
api security
cloud security
cyber threats
cybersecurity
dataexfiltration
enterprise security
file inclusion attack
graph api
html conversion vulnerability
lfi
local file inclusion
microsoft 365
pdf export
saas risks
saas security
security best practices
security patch
security research
vulnerability
North Korean remote IT workers, operating under what Microsoft Threat Intelligence now tracks as Jasper Sleet (previously Storm-0287), exemplify how state-sponsored cyber actors are adapting and evolving their methods to sustain financial, intelligence, and geopolitical objectives. Since 2024...
Security researchers have uncovered a sophisticated cyber espionage campaign, dubbed "LapDogs," that has compromised over 1,000 small office/home office (SOHO) devices worldwide. This campaign, attributed to China-linked threat actors, leverages these devices to form an Operational Relay Box...
Artificial intelligence (AI) is rewriting the rules of digital risk and opportunity, forcing organizations to re-examine every assumption about productivity, security, and trust. Nowhere is this transformation more profound than at the intersection of business operations and cybersecurity—an...
ai compliance
ai governance
ai risks
ai security
ai vulnerabilities
artificial intelligence
cyber threats
cybersecurity
dataexfiltration
digital transformation
enterprise security
generative ai
machine learning
privacy
prompt engineering
prompt injection
security best practices
Microsoft is implementing significant security enhancements across its Windows 365 and Microsoft 365 platforms, aiming to bolster defenses against data exfiltration and malware threats. Starting in the latter half of 2025, newly provisioned and reprovisioned Windows 365 Cloud PCs will have...
Microsoft has recently announced significant enhancements to the default security settings of Windows 365 Cloud PCs, aiming to bolster defenses against data exfiltration and malicious exploits. These updates introduce advanced security features and modify default configurations to create a more...
cloud pc
cloud security
credential guard
cyber defense
cybersecurity
dataexfiltration
device security
group policy
hvci
microsoft azure
microsoft intune
peripheral redirection
remote work security
security features
security policies
vbs
virtualization
windows 11
windows 365
Microsoft’s Windows 365 platform, with its innovative Cloud PC virtualization, continues to redefine the enterprise workspace by placing security at the core of its evolution. Since its introduction to address the growing complexities of remote and hybrid work, Windows 365 has quickly positioned...
A new and deeply concerning evolution in cyberattack methodology is putting Microsoft Entra ID (formerly known as Azure Active Directory) users and organizations at unprecedented risk. This surge in account takeover (ATO) campaigns exploits TeamFiltration—a legitimate penetration testing tool...
Microsoft 365 Copilot, Microsoft’s generative AI assistant that has garnered headlines for revolutionizing enterprise productivity, recently faced its most sobering security reckoning yet with the disclosure of “EchoLeak”—a vulnerability so novel, insidious, and systemic that it redefines what...
ai breach mitigation
ai in business
ai security
ai threat landscape
copilot
cve-2025-32711
cybersecurity
cybersecurity best practices
dataexfiltration
document security
enterprise privacy
generative ai risks
llm vulnerabilities
markdown exploits
microsoft 365
prompt
prompt injection
rag spraying
vulnerability
zero-click attack
Microsoft’s recent patch addressing the critical Copilot AI vulnerability, now known as EchoLeak, marks a pivotal moment for enterprise AI security. The flaw, first identified by security researchers at Aim Labs in January 2025 and officially recognized as CVE-2025-32711, uncovered a new class...
ai compliance
ai risks
ai security
ai threat landscape
ai vulnerabilities
ai workflows
attack surface
cloud security
copilot
cybersecurity
dataexfiltration
enterprise security
natural language processing
prompt injection
security best practices
security patch
threat detection
vulnerability
zero trust