KLA86377 OSI vulnerabilities in Microsoft Apps
Information disclosure vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to obtain sensitive information. Original advisories CVE-2025-53774 CVE-2025-53787 Related products Microsoft-Dynamics-365 CVE list CVE-2025-53774 critical CVE-2025-53787 critical ...
PT-2025-32315 · Microsoft · M365 Copilot
Name of the Vulnerable Software and Affected Versions: Microsoft 365 Copilot affected versions not specified Description: This issue involves information disclosure within the Microsoft 365 Copilot BizChat feature. Recommendations: At the moment, there is no information about a newer version that...
PT-2025-32314
Name of the Vulnerable Software and Affected Versions: Microsoft 365 Copilot affected versions not specified Description: This issue involves an information disclosure within the Microsoft 365 Copilot BizChat feature. Recommendations: At the moment, there is no information about a newer version that...
Preventing Zero-Click AI Threats: Insights from EchoLeak
A zero-click exploit called EchoLeak reveals how AI assistants like Microsoft 365 Copilot can be manipulated to leak sensitive data without user interaction. This entry breaks down how the attack works, why it matters, and what defenses are available to proactively mitigate this emerging AI-nativ...
Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra
When Microsoft introduced Microsoft Security Copilot last year, our vision was to empower organizations with generative AI that helps security and IT teams simplify operations and respond faster. Since then, we’ve continuously innovated and learned alongside our customers. They consistently tell ...
June 26, 2025—KB5060829 (OS Build 26100.4484) Preview
June 26, 2025—KB5060829 OS Build 26100.4484 Preview For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview, see the update history page for Windows 11, version 24H2. Follow @WindowsUpdate to find out when new content...
CVE-2025-32711
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant, related to the lack of data cleaning at the management level, allows a perpetrator to disclose protected information.
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data
Aim Labs uncovers EchoLeak, a zero-click AI flaw in Microsoft 365 Copilot that allows data theft via email. Learn how this vulnerability enables sensitive information exfiltration without user interaction and its implications for AI security...
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 (M365) Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the...
PT-2025-25295 · Undefined · Undefined
EchoLeak: First-Ever Zero-Click Vulnerability, CVE-2025-3271, Discovered by Aim Labs in Microsoft 365 Copilot AI, Allowed Attackers Steal Sensitive Data Silently, Now Fixed EchoLeak Hackers Microsoft Copilot CopilotAgent MIcrosoft365 @Microsoft @Copilot...
CVE-2025-32711
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...
M365 Copilot Information Disclosure Vulnerability
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2025-32711
CVE-2025-32711 (EchoLeak) is a zero-click AI command-injection vulnerability in Microsoft 365 Copilot that enables unauthorized data disclosure via crafted emails. The issue stems from prompt-injection techniques exploited by Copilot’s retrieval/processing flow, allowing data exfiltration from Co...
KLA84828 OSI vulnerability in Microsoft Apps
An information disclosure vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to obtain sensitive information, bypass security restrictions. Original advisories CVE-2025-32711 Related products Microsoft-Copilot-Studio CVE list CVE-2025-32711 critical KB list...
PT-2025-25212
Name of the Vulnerable Software and Affected Versions: Microsoft 365 Copilot affected versions not specified Description: EchoLeak is a critical zero-click issue in Microsoft 365 Copilot that allows an unauthorized remote attacker to exfiltrate sensitive organizational data from OneDrive, SharePoin...
Microsoft M365 Copilot Command Injection Vulnerability
Microsoft M365 Copilot is an AI-powered productivity tool from Microsoft Corporation (USA). Microsoft M365 Copilot has a command injection vulnerability that could lead to information disclosure over the network...
May 28, 2025—KB5058499 (OS Build 26100.4202) Preview
May 28, 2025—KB5058499 OS Build 26100.4202 Preview For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows 11, version 24H2, see its update history page. Be sure to follow @WindowsUpdate to find out when n...
May 27, 2025—KB5058502 (OS Builds 22621.5413 and 22631.5413) Preview
May 27, 2025—KB5058502 OS Builds 22621.5413 and 22631.5413 Preview For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows 11, version 23H2, see its update history page. Be sure to follow @WindowsUpdate to...
CVE-2024-48140
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message...