Complete News, Your Way.
Get Started
SubscribeLogin
Israel-Hamas Conflict
Airstrike
Aviation Accidents
Benjamin Netanyahu
Artificial Intelligence
Social Media
Donald Trump
World Cup
Riots
Drones
United Nations
Soccer
Immigration
Published loading...Updated

Copilot Vision Just Launched on Windows — Here’s What It Actually Does

  • Researchers at Aim Labs discovered a critical zero-click vulnerability called EchoLeak in Microsoft 365 Copilot, revealed in January 2025 with a fix deployed in May 2025.
  • The flaw resulted from a fundamental design issue where a malicious email with hidden prompt injection could trick Copilot into leaking sensitive data without user action.
  • EchoLeak could expose internal chat histories, documents, and emails via Microsoft Teams and SharePoint URLs, bypassing existing protections and representing a new class of AI security risks.
  • Microsoft acknowledged the issue, assigned CVE-2025-32711, coordinated with Aim Labs for five months, fully addressed the vulnerability server-side, and stated no customers were affected.
  • This incident highlights growing AI security challenges, emphasizing the need for stronger prompt filters, post-processing, and rethinking AI agent design to protect sensitive enterprise data.
Insights by Ground AI
Does this summary seem wrong?
Podcasts & Opinions

28 Articles

All
Left
Center
4
Right
Tom's GuideTom's Guide
Center

Copilot Vision just launched on Windows — here’s what it actually does

Microsoft’s new AI feature just launched in the U.S. — and it wants to read your screen so you don’t have to.

Read Full Article
BenzingaBenzinga
Center

Hackers Could Steal Data From Microsoft 365 Copilot Without Phishing Or Malware, Says AI Startup — 'EchoLeak' Flaw Took 5 Months To Fix - Alphabet (NASDAQ:GOOG), Alphabet (NASDAQ:GOOGL)

A critical security flaw was discovered in Microsoft (NASDAQ: MSFT) 365 Copilot, an AI tool integrated into various Microsoft Office applications. This vulnerability could potentially lead to attacks on sensitive data.

·New York, United States
Read Full Article
BleepingComputerBleepingComputer
Center

Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot

A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction.

Read Full Article
Cybersecurity DiveCybersecurity Dive
Center

Critical flaw in Microsoft Copilot could have allowed zero-click attack

Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user interaction.

Read Full Article
Windows CentralWindows Central

Copilot Vision just launched — and Microsoft already added new features

Microsoft just launched Copilot Vision with support for multitasking, real-time tips, and Highlights to guide users through apps.

Read Full Article
OODA LoopOODA Loop

New Microsoft Copilot flaw signals broader risk of AI agents being hacked

Microsoft 365 Copilot, the AI tool built into Microsoft Office workplace applications including Word, Excel, Outlook, PowerPoint, and Teams, harbored a critical security flaw that, according to researchers, signals a broader risk of AI agents being hacked. The flaw, revealed today by AI security startup Aim Security and shared exclusively in advance with Fortune, is […] The post New Microsoft Copilot flaw signals broader risk of AI agents being …

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

winfuture.de broke the news in on Tuesday, June 10, 2025.
Sources are mostly out of (0)

Similar News Topics

Microsoft

Microsoft

Apps

Apps

Windows 11

Windows 11

Technology

Technology

Artificial Intelligence

Artificial Intelligence

Windows

Windows

News
For You
SearchBlindspotLocal