Jun 12, 2025
Researchers uncover 0-click flaw in Microsoft Copilot
Researchers found a serious flaw in Microsoft Copilot called EchoLeak—the first known zero-click attack on an AI tool. Hackers could grab private info like chats and docs without you even clicking anything. Microsoft fixed the issue in May 2025.
TL;DR
How the attack worked
Attackers sent sneaky emails with hidden commands that Copilot would read and act on, leaking things from OneDrive, Teams, and more—all without users noticing.
Microsoft fixed the issue in May 2025
Yep—Microsoft rolled out a server-side fix, so users didn't have to do anything. There's no sign anyone was hit by this bug, but it's a reminder that even AI tools need strong security as they become part of everyday life.