Preventing Zero-Click AI Threats: Insights from EchoLeak


EchoLeak (CVE-2025-32711) is a newly identified vulnerability in Microsoft 365 Copilot, made more nefarious by its zero-click nature, meaning it requires no user interaction to succeed.

It demonstrates how helpful systems can open the door to entirely new forms of attack— no malware, no phishing required—just the unquestioning obedience of an AI agent. This new threat has even been classified by the team behind the disclosure as a new form of large language model (LLM) exploitation called “Scope Violation.”

Read more…
Source: Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber secnews and insights delivered right to your inbox.


Related:

  • NSA Advocates Data Sharing Framework

    June 23, 2017

    The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...