🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥

Startup Showcase

Premium Content

Try our Valuation Calculator →

News on Medial

Security researchers found a zero-click vulnerability in Microsoft 365 Copilot.

The Verge

The Verge · 2m ago

Security researchers found a zero-click vulnerability in Microsoft 365 Copilot.

Security researchers discovered a zero-click vulnerability, named "EchoLeak," in Microsoft 365 Copilot. This flaw allowed attackers to extract sensitive information without user awareness by sending a malicious email prompt, instructing Copilot to access confidential data. Microsoft has addressed the issue, identifying it as CVE-2025-32711, and confirmed it has not been exploited in the wild.

1

Related News

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it

Arstechnica

Arstechnica · 1y ago

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it

Researchers have found that threat actors targeted Windows users with malware for over a year using zero-day attacks, before Microsoft fixed the vulnerability that enabled these attacks. The vulnerability affected both Windows 10 and 11 and caused devices to open Internet Explorer, which had been decommissioned by Microsoft in 2022. Malicious code exploiting the vulnerability has been in circulation since January 2023. The researchers noted that the attack code used novel tricks to deceive Windows users for remote code execution. Microsoft fixed the vulnerability in its latest monthly patch release.

Microsoft alerts businesses, governments to server software attack - The Economic Times

Economic Times

Economic Times · 1m ago

Microsoft alerts businesses, governments to server software attack - The Economic Times

Microsoft has issued a warning about active cyberattacks on SharePoint servers, used by government agencies and businesses, due to a "zero day" vulnerability. SharePoint Online in Microsoft 365 remains unaffected. Urgent security updates are recommended; servers should be disconnected if updates cannot be applied immediately. The issue involves spoofing, where attackers impersonate trusted entities. Microsoft is coordinating with global cybersecurity partners and has alerted customers to install necessary updates promptly.

A new Windows Defender zero-day is already being exploited to drop dangerous malware

Techradar

Techradar · 1y ago

A new Windows Defender zero-day is already being exploited to drop dangerous malware

Hackers have been exploiting a zero-day vulnerability in Windows Defender SmartScreen to target crypto traders with malware. The threat actor, known as Water Hydra or DarkCasino, used the zero-day in attacks carried out on New Year’s Eve in 2023. Microsoft has released a patch for the vulnerability, noting that an attacker could send a specially crafted file to bypass security checks. The attack relied on convincing victims to click on a file link. The group deployed spearphishing techniques on Telegram to distribute DarkMe malware, with the ultimate goal of deploying ransomware.

North Korea-backed hackers target security researchers with 0-day

Arstechnica

Arstechnica · 1y ago

North Korea-backed hackers target security researchers with 0-day

North Korea-backed hackers are once again targeting security researchers, using a zero-day exploit and related malware to infiltrate computers used for sensitive cybersecurity investigations. Google researchers discovered the unfixed zero-day vulnerability in a popular software package used by the targeted researchers. The hackers established working relationships with the researchers before exploiting the vulnerability using a malicious file. This campaign closely matches a previous one definitively tied to North Korean government-backed hackers. The hackers pose as security researchers and develop relationships on social media before sharing Trojanized exploits or analysis tools with their targets.

Microsoft unveils new autonomous agents in Copilot to enhance business process

Livemint

Livemint · 10m ago

Microsoft unveils new autonomous agents in Copilot to enhance business process

Microsoft is expanding its AI-driven Copilot platform with new autonomous agent capabilities that aim to transform business processes. These new tools, such as Copilot Studio and Dynamics 365, enable businesses to create AI agents that can streamline tasks in sales, finance, and supply chain management. These agents range from simple task assistants to fully autonomous systems. The agents will rely on data from Microsoft 365 Graph, Dataverse, and Fabric, ensuring they can perform tasks independently while adhering to security and governance protocols. Microsoft also announced the introduction of 10 new autonomous agents within Dynamics 365 to help businesses embrace AI-first processes.

Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw

The Verge

The Verge · 22d ago

Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw

Microsoft's new NLWeb protocol, designed to bring AI search to websites and apps, has been found to have a significant security flaw. This path traversal vulnerability allows unauthorized access to sensitive files, including API keys. Microsoft addressed the flaw after reports from researchers Aonan Guan and Lei Wang, but has not yet issued a CVE, which the researchers advocate for increased awareness. The discovery emphasizes the importance of prioritizing security as AI systems evolve.

Microsoft should change its Copilot advertising, says watchdog

The Verge

The Verge · 2m ago

Microsoft should change its Copilot advertising, says watchdog

An advertising watchdog has recommended that Microsoft modify its Copilot advertising claims, citing misleading productivity and branding information. The Better Business Bureau's National Advertising Division (NAD) suggests Microsoft clarify the productivity benefits and limitations of its Microsoft 365 Copilot and Business Chat features. The NAD found discrepancies in Microsoft's productivity claims and urges clearer branding to avoid customer confusion. Microsoft plans to comply with NAD's recommendations for clearer communication in future advertisements.

Microsoft launches Copilot Pro worldwide with a one-month free trial

The Verge

The Verge · 1y ago

Microsoft launches Copilot Pro worldwide with a one-month free trial

Microsoft is expanding its Copilot Pro subscription, an AI-powered assistant, to more markets worldwide. The subscription, available in 222 countries, provides access to the latest OpenAI models, the ability to build customized Copilot GPT, and access to Copilot in Microsoft Office apps. The integration of Copilot Pro into Office web apps allows users to utilize the chatbot in Word, Outlook, and other free web apps without a separate Microsoft 365 subscription. The availability of Copilot for Microsoft 365 is also being extended to more businesses in the coming weeks.

Microsoft left internal passwords exposed in latest security blunder

The Verge

The Verge · 1y ago

Microsoft left internal passwords exposed in latest security blunder

Last month, Microsoft faced a server security breach that exposed passwords, keys, and credentials of its employees to the internet. The vulnerability was discovered by three security researchers at SOCRadar, who found that an Azure-hosted server related to Microsoft's Bing search engine was left unprotected and accessible to anyone. The server contained security credentials used by Microsoft employees to access internal systems, making it a potential gateway for hackers to access other critical data. This incident highlights the need for stronger security measures in the software industry.

Microsoft works to add non-OpenAI models into 365 Copilot products, sources say

Economic Times

Economic Times · 8m ago

Microsoft works to add non-OpenAI models into 365 Copilot products, sources say

Microsoft is working on incorporating internal and third-party AI models into its flagship AI product, Microsoft 365 Copilot, to reduce costs and lessen its reliance on OpenAI. The move aims to make 365 Copilot faster, more efficient, and cheaper for Microsoft to run. While Microsoft continues to partner with OpenAI on frontier models, they are also working on training their own smaller models and customizing other open-weight models. The goal is to provide cost savings to customers. Microsoft 365 Copilot is still working to prove its ROI to enterprises, but adoption and sales are expected to increase.

Trackers

Active Indian VC’s

OG Capital Email

With a hands-on approach, OG Capital aims to invest in over 20 promising...

Accel Partners Email

Early and growth-stage investments in disruptive technology companies with...

Early-stage venture capital firm investing in technology startups in India. Focus on...

Access All Trackers

Startup Showcase Winners

June 2025

Helping your parents when you are miles away

The Pit Stop Your Cravings Deserve

The next generation E-commerce platform

Enter Ongoing Startup Showcase

Top Users

Trending News on Medial

Just Months After Promotion, Open ...

Exclusive: Robotics startup Miko ...

“Your Phone Is Outdated”: Sam Alt ...

Download the medial app to read full posts, comements and news.