Med-Mastodon

LMG SecurityNo Click. No Warning. Just a Data Leak.Think your AI assistant is secure? Think again. The new EchoLeak exploit shows how Microsoft 365 Copilot, and tools like it, can silently expose your sensitive data without a single user interaction. No clicks. No downloads. Just a well-crafted email.In this eye-opening blog, we break down how EchoLeak works, why prompt injection is a growing AI threat, and the 5 actions you need to take right now to protect your organization. Read now: <a href="https://www.lmgsecurity.com/no-click-nightmare-how-echoleak-redefines-ai-data-security-threats/" rel="nofollow noopener" translate="no" target="_blank">https://www.lmgsecurity.com/no-click-nightmare-how-echoleak-redefines-ai-data-security-threats/</a><a href="https://infosec.exchange/tags/AIDataSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIDataSecurity</a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberaware</a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyber</a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMB</a> <a href="https://infosec.exchange/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Copilot</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/GenAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#GenAI</a> <a href="https://infosec.exchange/tags/EchoLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#EchoLeak</a> <a href="https://infosec.exchange/tags/PromptInjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#PromptInjection</a> <a href="https://infosec.exchange/tags/MicrosoftCopilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftCopilot</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITsecurity</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/AISecurityRisks" class="mention hashtag" rel="nofollow noopener" target="_blank">#AISecurityRisks</a>

LMG SecurityCan Your AI Be Hacked by Email Alone?No clicks. No downloads. Just one well-crafted email, and your Microsoft 365 Copilot could start leaking sensitive data.In this week’s episode of Cyberside Chats, <a href="https://infosec.exchange/@sherridavidoff" class="u-url mention" rel="nofollow noopener" target="_blank">@sherridavidoff</a> and <a href="https://infosec.exchange/@MDurrin" class="u-url mention" rel="nofollow noopener" target="_blank">@MDurrin</a> discuss EchoLeak, a zero-click exploit that turns your AI into an unintentional insider threat. They also reveal a real-world case from LMG Security’s pen testing team where prompt injection let attackers extract hidden system prompts and override chatbot behavior in a live environment.We’ll also share:• How EchoLeak exposes a new class of AI vulnerabilities • Prompt injection attacks that fooled real corporate systems • Security strategies every organization should adopt now • Why AI inputs need to be treated like code🎧 Listen to the podcast: <a href="https://www.chatcyberside.com/e/unmasking-echoleak-the-hidden-ai-threat/?token=90468a6c6732e5e2477f8eaaba565624" rel="nofollow noopener" translate="no" target="_blank">https://www.chatcyberside.com/e/unmasking-echoleak-the-hidden-ai-threat/?token=90468a6c6732e5e2477f8eaaba565624</a> 🎥 Watch the video: <a href="https://youtu.be/sFP25yH0sf4" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/sFP25yH0sf4</a><a href="https://infosec.exchange/tags/EchoLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#EchoLeak</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft365</a> <a href="https://infosec.exchange/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Copilot</a> <a href="https://infosec.exchange/tags/PromptInjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#PromptInjection</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/InsiderThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#InsiderThreats</a> <a href="https://infosec.exchange/tags/GenAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#GenAI</a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a> <a href="https://infosec.exchange/tags/CybersideChats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CybersideChats</a>

Jukka NiiranenLLM based agents cannot be secured if you 1) give them access to private data, 2) let them read untrusted content, and 3) allow them to communicate with the external world.In his new blog post, Simon Willison writes a sharp & easy to understand summary about this "lethal trifecta for AI agents": <a href="https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/" rel="nofollow noopener" translate="no" target="_blank">https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/</a>M365 <a href="https://mstdn.social/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Copilot</a> hacks like <a href="https://mstdn.social/tags/EchoLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#EchoLeak</a> are nasty. But as Simon points out, once you combine different AI tools and <a href="https://mstdn.social/tags/MCP" class="mention hashtag" rel="nofollow noopener" target="_blank">#MCP</a> to build your own agents, securing agents gets even harder.

Guido StevensCopilot happily executes attack instructions it finds in emails you receive. This bubble is going to burst.<a href="https://kolektiva.social/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#ai</a> <a href="https://kolektiva.social/tags/echoleak" class="mention hashtag" rel="nofollow noopener" target="_blank">#echoleak</a> <a href="https://kolektiva.social/tags/copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#copilot</a><a href="https://pivot-to-ai.com/2025/06/15/echoleak-send-an-email-extract-secret-info-from-microsoft-office-365-copilot-ai/" rel="nofollow noopener" translate="no" target="_blank">https://pivot-to-ai.com/2025/06/15/echoleak-send-an-email-extract-secret-info-from-microsoft-office-365-copilot-ai/</a>

Miguel Afonso Caetano"Aim Labs reported CVE-2025-32711 against Microsoft 365 Copilot back in January, and the fix is now rolled out.This is an extended variant of the prompt injection exfiltration attacks we've seen in a dozen different products already: an attacker gets malicious instructions into an LLM system which cause it to access private data and then embed that in the URL of a Markdown link, hence stealing that data (to the attacker's own logging server) when that link is clicked.The lethal trifecta strikes again! Any time a system combines access to private data with exposure to malicious tokens and an exfiltration vector you're going to see the same exact security issue.In this case the first step is an "XPIA Bypass" - XPIA is the acronym Microsoft use for prompt injection (cross/indirect prompt injection attack). Copilot apparently has classifiers for these, but unsurprisingly these can easily be defeated:"<a href="https://simonwillison.net/2025/Jun/11/echoleak/" rel="nofollow noopener" translate="no" target="_blank">https://simonwillison.net/2025/Jun/11/echoleak/</a><a href="https://tldr.nettime.org/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://tldr.nettime.org/tags/GenerativeAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#GenerativeAI</a> <a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://tldr.nettime.org/tags/EchoLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#EchoLeak</a> <a href="https://tldr.nettime.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://tldr.nettime.org/tags/Microsof365Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsof365Copilot</a> <a href="https://tldr.nettime.org/tags/ZeroClickVulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZeroClickVulnerability</a> <a href="https://tldr.nettime.org/tags/LLMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#LLMs</a> <a href="https://tldr.nettime.org/tags/PromptInjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#PromptInjection</a> <a href="https://tldr.nettime.org/tags/Markdown" class="mention hashtag" rel="nofollow noopener" target="_blank">#Markdown</a> <a href="https://tldr.nettime.org/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Copilot</a>

Hackread.comA zero-click flaw in <a href="https://mstdn.social/tags/Microsoft365Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft365Copilot</a>, dubbed <a href="https://mstdn.social/tags/EchoLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#EchoLeak</a>, lets attackers steal company data through a single email, no user action needed. AI assistants now pose real risks.Read: <a href="https://hackread.com/zero-click-ai-flaw-microsoft-365-copilot-expose-data/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/zero-click-ai-flaw-microsoft-365-copilot-expose-data/</a><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mstdn.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://mstdn.social/tags/ZeroClick" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZeroClick</a> <a href="https://mstdn.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://mstdn.social/tags/CoPilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#CoPilot</a>

Marcel SIneM(S)USKritische Sicherheitslücke in <a href="https://social.tchncs.de/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft365</a> <a href="https://social.tchncs.de/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Copilot</a> zeigt Risiko von KI-Agenten | heise online <a href="https://www.heise.de/news/Kritische-Sicherheitsluecke-in-Microsoft-365-Copilot-zeigt-Risiko-von-KI-Agenten-10441034.html" rel="nofollow noopener" translate="no" target="_blank">https://www.heise.de/news/Kritische-Sicherheitsluecke-in-Microsoft-365-Copilot-zeigt-Risiko-von-KI-Agenten-10441034.html</a> <a href="https://social.tchncs.de/tags/EchoLeak" class="mention hashtag" rel="nofollow noopener" target="_blank">#EchoLeak</a> <a href="https://social.tchncs.de/tags/ArtificialIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArtificialIntelligence</a>

Recent searches

Search options

Administered by:

Server stats:

#echoleak