Friday , June 13 2025
AI Vulnerability

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action

infosecbulletin 23 hours ago Alert, Hot Topic, Vulnerabilities

Aim Labs discovered a zero-click AI vulnerability named “EchoLeak” in Microsoft 365 Copilot and reported several ways to exploit it to Microsoft’s MSRC team.

The new attack method called “LLM Scope Violation” has been identified, which could also impact other RAG-based chatbots and AI agents. This finding marks a significant breakthrough in understanding how attackers can exploit AI agents by using their internal mechanics.

High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation

By infosecbulletin / Friday , June 13 2025
HashiCorp has revealed a critical vulnerability in its Nomad tool that may let attackers gain higher privileges by misusing the...
Read More
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation

SoftBank: Over 137,000 personal info leaked

By infosecbulletin / Friday , June 13 2025
SoftBank has disclosed that personal information of more than 137,000 mobile subscribers—covering names, addresses, and phone numbers—might have been leaked...
Read More
SoftBank: Over 137,000 personal info leaked

Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code

By infosecbulletin / Friday , June 13 2025
Serious security vulnerabilities in Trend Micro Apex One could allow attackers to inject malicious code and elevate their privileges within...
Read More
Alert Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action

By infosecbulletin / Thursday , June 12 2025
Aim Labs discovered a zero-click AI vulnerability named “EchoLeak” in Microsoft 365 Copilot and reported several ways to exploit it...
Read More
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action

Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps

By infosecbulletin / Wednesday , June 11 2025
On Tuesday, Adobe released security updates for 254 vulnerabilities in its software, mainly affecting Experience Manager (AEM). There are 254...
Read More
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps

Alert
40,000 + live internet cameras exposed globally !

By infosecbulletin / Wednesday , June 11 2025
A new report from Bitsight reveals that over 40,000 internet-connected security cameras around the world are exposed, broadcasting live footage...
Read More
Alert 40,000 + live internet cameras exposed globally !

Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched

By infosecbulletin / Wednesday , June 11 2025
Microsoft's June Patch Tuesday update has arrived, addressing 66 vulnerabilities across its product line. One of these flaws was actively...
Read More
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched

84,000+ Roundcube instances vulnerable to actively exploited flaw

By infosecbulletin / Tuesday , June 10 2025
More than 84,000 Roundcube webmail installations are at risk due to CVE-2025-49113, a severe remote code execution (RCE) vulnerability that...
Read More
84,000+ Roundcube instances vulnerable to actively exploited flaw

CVE-2025-24016
Critical Wazuh RCE Actively Exploited by Mirai Botnets

By infosecbulletin / Monday , June 9 2025
The Security Intelligence and Response Team (SIRT) at Akamai has found that multiple Mirai-based botnets are exploiting CVE-2025-24016, a critical...
Read More
CVE-2025-24016 Critical Wazuh RCE Actively Exploited by Mirai Botnets

CISA Issues Seven Advisories for Industrial Control Systems (ICS)

By infosecbulletin / Sunday , June 8 2025
On June 5, 2025, CISA released seven advisories regarding Industrial Control Systems (ICS) that highlight current security issues, vulnerabilities, and...
Read More
CISA Issues Seven Advisories for Industrial Control Systems (ICS)

By using chains, attackers can automatically and unnoticed extract sensitive information from M365 Copilot, avoiding reliance on user behavior. The result is achieved despite M365 Copilot’s interface being open only to organization employees.

To successfully perform an attack, an adversary simply needs to send an email to the victim without any restriction on the sender’s email.

As a zero-click AI vulnerability, EchoLeak opens up extensive opportunities for data exfiltration and extortion attacks for motivated threat actors. In an ever evolving agentic world, it showcases the potential risks that are inherent in the design of agents and chatbots.

Aim Labs continues in its research activities to identify novel types of vulnerabilities associated with AI deployment and to develop guardrails that mitigate against such novel vulnerabilities.

Aim Labs is not aware of any customers being impacted to date. To read the full report click here.

40,000 + live internet cameras exposed globally !

Check Also

40000 internet

Alert
40,000 + live internet cameras exposed globally !

A new report from Bitsight reveals that over 40,000 internet-connected security cameras around the world …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin