Aim Security researchers found a zero-click vulnerability in Microsoft 365 Copilot that could have been exploited to have AI tools like RAG and AI agents hand over sensitive corporate data to ...

The researchers said the campaign most likely started in December 2024. By abusing Microsoft Teams API and Amazon Web Services (AWS) servers located around the world, they were able to launch ...

Discover the capabilities of Microsoft 365 Data Loss Prevention (DLP) and understand its limitations. Learn how to prevent unauthorized data access and sharing.

Security experts offer their takes on some of the flaws, including a set of vulnerabilities that could enable remote code ...

EchoLeak affected Microsoft 365 Copilot, the AI assistant integrated across several Office applications, including Word, ...

Security researchers at Aim Security discovered "EchoLeak", the first known zero-click artificial intelligence (AI) ...

The "UNK_SneakyStrike" campaign is actively targeting over 80,000 Microsoft Entra ID accounts by weaponizing the ...

Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data ...

A new ATO campaign using TeamFiltration breached 80,000+ Microsoft Entra ID accounts via password spraying, impacting ...

Microsoft 365 Copilot, the AI tool built into Microsoft Office workplace applications including Word, Excel, Outlook, ...

Microsoft has released its June 2025 Patch Tuesday updates, fixing 66 flaws including a critical zero-day actively exploited ...

Outlook will block .library-ms and .search-ms attachments starting July 2025 to boost security across web and Windows apps.