776 matches found
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 (M365) Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the...
PT-2025-25295
EchoLeak: First-Ever Zero-Click Vulnerability, CVE-2025-3271, Discovered by Aim Labs in Microsoft 365 Copilot AI, Allowed Attackers Steal Sensitive Data Silently, Now Fixed EchoLeak Hackers Microsoft Copilot CopilotAgent MIcrosoft365 @Microsoft @Copilot...
CVE-2025-32711
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...
M365 Copilot Information Disclosure Vulnerability
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2025-32711
CVE-2025-32711 (EchoLeak) is a zero-click AI command-injection vulnerability in Microsoft 365 Copilot that enables unauthorized data disclosure via crafted emails. The issue stems from prompt-injection techniques exploited by Copilot’s retrieval/processing flow, allowing data exfiltration from Co...
KLA84828 OSI vulnerability in Microsoft Apps
An information disclosure vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to obtain sensitive information, bypass security restrictions. Original advisories: CVE-2025-32711. Related products: Microsoft-Copilot-Studio. CVE list: CVE-2025-32711 (critical). KB list...
Microsoft M365 Copilot Command Injection Vulnerability
Microsoft M365 Copilot is an AI-powered productivity tool from Microsoft Corporation USA. Microsoft M365 Copilot suffers from a command injection vulnerability that stems from command injection and could lead to information disclosure over the network...
PT-2025-25212
Name of the Vulnerable Software and Affected Versions: Microsoft 365 Copilot (affected versions not specified). Description: EchoLeak is a critical zero-click issue in Microsoft 365 Copilot that allows unauthorized attackers to exfiltrate sensitive organizational data from OneDrive, SharePoint, and...
May 28, 2025—KB5058499 (OS Build 26100.4202) Preview
May 28, 2025—KB5058499 (OS Build 26100.4202) Preview. For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows 11, version 24H2, see its update history page. Be sure to follow @WindowsUpdate to find out when n...
May 27, 2025—KB5058502 (OS Builds 22621.5413 and 22631.5413) Preview
May 27, 2025—KB5058502 (OS Builds 22621.5413 and 22631.5413) Preview. For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows 11, version 23H2, see its update history page. Be sure to follow @WindowsUpdate to...
CVE-2024-48140
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message...
Bypass SharePoint Restricted View to exfiltrate data using Copilot AI and more…
TL;DR: Restricted View allows users to read files, but not copy, download or print them. Attackers will look for ways to circumvent these controls. Traditional workarounds include manual transcription, screenshots, and photos. OCR tools can extract text from screenshots. Microsoft Copilot can read fil...
Malicious code in service-catalog-copilot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 89c9b90298ed452d812eb4374f8dc339318c0a084a64157722e7b733416fa131 The OpenSSF Package Analysis project identified 'service-catalog-copilot' @ 100.11.1337 npm as malicious. It is considered malicious because: -...
Product Walkthrough: Securing Microsoft Copilot with Reco
Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats - all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into actions. Employees can...
April 25, 2025—KB5055627 (OS Build 26100.3915) Preview
April 25, 2025—KB5055627 (OS Build 26100.3915) Preview. Change log: Change date | Change description. May 26. 2026 | Updated the second MSU file listed under Catalog in Method 2. August 6, 2025 | Normal rollout: Input and Networking improvements added. August 20, 2025 | Gradual rollout:...
Zero Day Quest 2025: $1.6 million awarded for vulnerability research
This month, the Microsoft Security Response Center recently welcomed some of the world’s most talented security researchers at Microsoft’s Zero Day Quest, the largest live hacking competition of its kind. The inaugural event challenged the security community to focus on the highest-impact securit...
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot as well ...
March 27, 2025—KB5053656 (OS Build 26100.3624) Preview
March 27, 2025—KB5053656 (OS Build 26100.3624) Preview. For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows 11, version 24H2, see its update history page. Follow @WindowsUpdate to find out when new conten...
Microsoft unveils Microsoft Security Copilot agents and new protections for AI
In this age of AI, securing AI and using it to boost security are crucial for every organization. At Microsoft, we are dedicated to helping organizations secure their future with our AI-first, end-to-end security platform. One year ago, we launched Microsoft Security Copilot to empower defenders ...