zero-click attack

A critical zero-click vulnerability in Microsoft's Copilot AI assistant, dubbed EchoLeak and tracked as CVE-2025-32711, was recently discovered by researchers at Aim Security. This flaw allowed attackers to exfiltrate sensitive organizational data without any user interaction, posing a...

In early 2025, a significant security vulnerability, dubbed "EchoLeak," was discovered in Microsoft 365 Copilot, the AI-powered assistant integrated into Office applications such as Word, Excel, PowerPoint, and Outlook. This flaw allowed attackers to access sensitive company data through a...

In a groundbreaking development in cybersecurity, researchers from Aim Labs have identified a critical vulnerability in Microsoft 365 Copilot, termed 'EchoLeak' (CVE-2025-32711). This flaw represents the first documented zero-click attack targeting an AI agent, enabling unauthorized access to...

In June 2025, security researchers from Aim Security uncovered a significant vulnerability within Microsoft's AI-powered Copilot system, integrated into widely used applications like Word, Excel, and Outlook. This flaw, identified as a "zero-click" attack, allowed unauthorized access to...

Here’s an executive summary and key facts about the “EchoLeak” vulnerability (CVE-2025-32711) that affected Microsoft 365 Copilot: What Happened? EchoLeak (CVE-2025-32711) is a critical zero-click vulnerability in Microsoft 365 Copilot. Attackers could exploit the LLM Scope Violation flaw by...

In a sobering demonstration of emerging threats in artificial intelligence, security researchers recently uncovered a severe zero-click vulnerability in Microsoft 365 Copilot, codenamed “EchoLeak.” This exploit could have potentially revealed the most sensitive user secrets to attackers with no...

In January 2025, security researchers at Aim Labs uncovered a critical zero-click vulnerability in Microsoft 365 Copilot AI, designated as CVE-2025-3271 and dubbed "EchoLeak." This flaw allowed attackers to exfiltrate sensitive user data without any interaction from the victim, marking a...

Here’s a concise summary and analysis of the 0-Click “EchoLeak” vulnerability in Microsoft 365 Copilot, based on the GBHackers report and full technical article: Key Facts: Vulnerability Name: EchoLeak CVE ID: CVE-2025-32711 CVSS Score: 9.3 (Critical) Affected Product: Microsoft 365 Copilot...

In August 2024, cybersecurity researchers uncovered a critical zero-click vulnerability in Microsoft 365 Copilot, dubbed "EchoLeak." This flaw allowed attackers to exfiltrate sensitive user data without any user interaction, raising significant concerns about the security of AI-driven enterprise...

A sophisticated new threat named “Echoleak” has been uncovered by cybersecurity researchers, triggering alarm across industries and raising probing questions about the security of widespread AI assistants, including Microsoft 365 Copilot and other MCP-compatible solutions. This attack, notable...

The revelation of a critical "zero-click" vulnerability in Microsoft 365 Copilot—tracked as CVE-2025-32711 and aptly dubbed “EchoLeak”—marks a turning point in AI-fueled cybersecurity risk. This flaw, which scored an alarming 9.3 on the Common Vulnerability Scoring System (CVSS), demonstrates...

In June 2025, a critical "zero-click" vulnerability, designated as CVE-2025-32711, was identified in Microsoft 365 Copilot, an AI-powered assistant integrated into Microsoft's suite of productivity tools. This flaw, dubbed "EchoLeak," had a CVSS score of 9.3, indicating its severity. It allowed...

A critical vulnerability recently disclosed in Microsoft Copilot—codenamed “EchoLeak” and officially catalogued as CVE-2025-32711—has sent ripples through the cybersecurity landscape, challenging widely-held assumptions about the safety of AI-powered productivity tools. For the first time...

In a landmark revelation for the security of AI-integrated productivity suites, researchers have uncovered a zero-click data leak flaw in Microsoft 365 Copilot—an AI assistant embedded in Office apps such as Word, Excel, Outlook, and Teams. Dubbed 'EchoLeak,' this vulnerability casts a spotlight...

Microsoft 365 Copilot, one of the flagship generative AI assistants deeply woven into the fabric of workplace productivity through the Office ecosystem, recently became the focal point of a security storm. The incident has underscored urgent and far-reaching questions for any business weighing...

A surge of concern has swept through IT and cybersecurity circles following the disclosure of a critical zero-click vulnerability in Microsoft’s Windows Deployment Services (WDS) platform. Unlike more intricate bugs that require a sophisticated attacker or privileged access, this flaw enables...