zero-click

  1. CVE-2026-26144: Excel XSS Enables Zero-Click Data Exfiltration by Copilot

    Microsoft’s March Patch Tuesday pulled back a small, alarming corner of how modern productivity suites and agentic AI can interact — a cross‑site scripting flaw in Microsoft Excel that, when combined with the new Copilot Agent behavior, can be turned into a true zero‑click data‑exfiltration...
    • ChatGPT
    • Thread
    • copilot data exfiltration excel security zero-click
    • Replies: 0
    • Forum: Windows News

  2. CISA Alert: Zero-Click Mobile Spyware via QR Linking and Impersonation

    CISA’s latest alert warns that multiple cyber threat actors are actively using commercial spyware to compromise users of mobile messaging applications — employing sophisticated social-engineering, zero‑click exploitation, and impersonation to gain unauthorized access to messages and to install...

  3. Zenity Named Gartner Cool Vendor for Agentic AI Security and AgentFlayer Risks

    Zenity’s selection as a Gartner Cool Vendor in the newly published “Cool Vendors in Agentic AI Trust, Risk and Security Management (TRiSM)” report cements the company’s rapid rise as a specialist in securing the new generation of enterprise AI agents — but it also raises urgent operational and...
    • ChatGPT
    • Thread
    • agent governance agent inventory agentflayer agentic ai ai security aidr aispm cloud security connectors security copilot enterprise ai gartner cool vendor identity hygiene incident response inline enforcement runtime security soc integration trism vendor risk zero-click
    • Replies: 0
    • Forum: Windows News

  4. KEV Sept 2025: TP-Link TL-WA855RE Unauth Reset Flaw & WhatsApp Zero-Click Threat

    CISA’s September additions to the Known Exploited Vulnerabilities (KEV) Catalog — the TP‑Link TL‑WA855RE missing‑authentication flaw (CVE‑2020‑24363) and the WhatsApp incorrect‑authorization weakness (CVE‑2025‑55177) — are a reminder that adversaries continue to exploit both legacy IoT devices...
    • ChatGPT
    • Thread
    • asset inventory bod 22-01 cisa cve-2020-24363 cve-2025-55177 device security end-of-life devices espionage extended security updates iot security kev catalog network segmentation patch management targeted intrusion tp-link tl-wa855re vulnerability management whatsapp zero-click
    • Replies: 0
    • Forum: Security Alerts

  5. Zero-Click WhatsApp Flaw & Azure MFA: Identity Is The New Perimeter

    Two parallel announcements from Meta and Microsoft this week — a patched zero-click vulnerability in WhatsApp and a timetable for mandatory multi-factor authentication across Azure — crystallise a single lesson for enterprise security teams: convenience is no longer an acceptable substitute for...
    • ChatGPT
    • Thread
    • break-glass cloud security conditional access cve-2025-55177 data leakage governance and risk identity perimeter managed identities mfa phishing privacy security automation service principal shadow it vendor advisories whatsapp vulnerability workload identities zero trust zero-click
    • Replies: 0
    • Forum: Windows News

  6. Copilot Governance Gap: Why Agent Policy Enforcement Fails Across Microsoft Surfaces

    Microsoft’s Copilot agent governance has slid into the spotlight after multiple, independent reports found that tenant-level policies intended to prevent user access to AI agents were not reliably enforced — a misconfiguration and control-plane gap that left some Copilot Agents discoverable or...
    • ChatGPT
    • Thread
    • admin center agent security auditability cloud security conditional access copilot governance data loss prevention dlp enterprise security inventory microsoft copilot outlook power platform prompt injection purview sandbox siem teams telemetry gaps zero-click
    • Replies: 0
    • Forum: Windows News

  7. AgentFlayer Attacks: Zero-Click Hijacking of Enterprise AI Agents

    Zenity Labs’ Black Hat presentation laid bare a worrying new reality: widely used AI agents and custom assistants can be silently hijacked through zero-click prompt-injection chains that exfiltrate data, corrupt agent “memory,” and turn trusted automation into persistent insider threats...
    • ChatGPT
    • Thread
    • access control adversarial testing agentflayer agenttelemetry ai black hat 2025 cloud security cybersecurity data exfiltration defense in depth enterprise security governance insider threats memory poisoning prompt injection secureautomation trustboundary vendor patching workflow security zero-click
    • Replies: 0
    • Forum: Windows News