banner1
banner2

HOME
Breaking News

“EchoLeak” Zero-Click Hack Exposes Microsoft 365 Copilot’s Silent Data Leak Risk

by VARINDIA 2025-06-16
“EchoLeak” Zero-Click Hack Exposes Microsoft 365 Copilot’s Silent Data Leak Risk

Identified by Aim Security, the flaw allows a hacker to send a single crafted email that Copilot processes silently—no user clicks required. 


A serious cybersecurity flaw named EchoLeak has been discovered in Microsoft 365 Copilot, marking the first-known zero-click attack targeting an AI assistant. Identified by Aim Security, this vulnerability allows hackers to exploit Microsoft's AI-powered tool without any user interaction — no clicks, no downloads, and no visible prompts.

With zero-click attacks, malicious actors bypass traditional defenses by embedding hidden prompts in a single crafted email. Once received, Microsoft 365 Copilot silently processes the email, automatically accessing internal files, scanning sensitive information, and transmitting it externally — all without alerting the user or triggering standard security protocols.

What makes EchoLeak particularly alarming is its stealth: corporate data is exfiltrated without the user even knowing an attack has occurred. The exploit completely bypasses Microsoft's built-in data loss prevention and email security filters, raising significant concerns about the security of AI tools integrated into enterprise software.

This attack underscores the growing risk of AI integration in workplace systems. As AI assistants like Microsoft 365 Copilot become more deeply embedded in email, documentation, and collaboration platforms, they also become attractive targets for sophisticated cybercriminals.

Security experts are now urging organizations to reassess how they deploy AI tools in their environments and to demand greater transparency and cybersecurity accountability from tech providers. Enhanced AI safety protocols, robust prompt injection prevention, and multi-layered access controls are being recommended to avoid future breaches.

The EchoLeak vulnerability is a wake-up call for the tech industry, emphasizing that while AI can enhance productivity, it also introduces new cybersecurity attack surfaces that must be addressed urgently. Microsoft has yet to release an official patch or comment on the timeline for fixing the issue.

 

Also Read: Microsoft to include Copilot in Microsoft 365 for consumers

er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Cyberattacks Against Vulnerable Groups Skyrocket: Journalism Organizations Hit Hardest

Cyberattacks Against Vulnerable Groups Skyrocket: Journalism Organizations Hit Hardest

Healthcare tops India’s 2024 cyberattack list, warns Seqrite in new report

Healthcare tops India’s 2024 cyberattack list, warns Seqrite in new report

Fortinet rolls out new AI security suite for enterprise workspaces

Fortinet rolls out new AI security suite for enterprise workspaces

SOFTWARE
View All
Honeywell unveils AI- powered smart building management solution

Honeywell unveils AI- powered smart building management solution

Ericsson, Google Cloud collaborate on scalable AI-based 5G core

Ericsson, Google Cloud collaborate on scalable AI-based 5G core

Adobe powers Newell Brands’ marketing shift with Firefly and Express

Adobe powers Newell Brands’ marketing shift with Firefly and Express

START - UP
View All
MIPS and Cyient Semiconductor team up on custom RISC-V solutions

MIPS and Cyient Semiconductor team up on custom RISC-V solutions

Lenskart to Acquire Location AI Startup GeoIQ

Lenskart to Acquire Location AI Startup GeoIQ

GTT Data reports ₹16.53 Cr revenue, sets sights on AI-driven expansion

GTT Data reports ₹16.53 Cr revenue, sets sights on AI-driven expansion

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
HCLTech to accelerate product-based transformation for E.ON

HCLTech to accelerate product-based transformation for E.ON

Google Meet Introduces Real-Time Speech Translation

Google Meet Introduces Real-Time Speech Translation

Regulatory Pressure Spurs Cybersecurity Spending

Regulatory Pressure Spurs Cybersecurity Spending

India Tops Global AI Trust with 76% Confidence 🇮🇳

India Tops Global AI Trust with 76% Confidence 🇮🇳

Hidden Dangers in the Cloud: Public Storage Missteps Exposed

Hidden Dangers in the Cloud: Public Storage Missteps Exposed

Tesla Pi Tablet Rumours Shake Up Tablet Market: Innovation Incoming

Tesla Pi Tablet Rumours Shake Up Tablet Market: Innovation Incoming

It’s time to Secure Enterprise AI from Model Poisoning

It’s time to Secure Enterprise AI from Model Poisoning

Regulated Industries Embrace On-Premise AI for Compliance & Control

Regulated Industries Embrace On-Premise AI for Compliance & Control

Sadhguru Seeks Court Protection Against AI Deepfakes

Sadhguru Seeks Court Protection Against AI Deepfakes

Travel Smarter: Stay Alert to Tourism Scams

Travel Smarter: Stay Alert to Tourism Scams

dsf