Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior

/in

Hirundo tackles AI hallucinations and bias by making trained models “forget” poisoned, malicious, and confidential data.

The post Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior appeared first on SecurityWeek.

SecurityWeek – ​Read More

EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data

/in

Aim Labs uncovers EchoLeak, a zero-click AI flaw in Microsoft 365 Copilot that allows data theft via email. Learn how this vulnerability enables sensitive information exfiltration without user interaction and its implications for AI security.

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

/in

A novel attack technique named EchoLeak has been characterized as a “zero-click” artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot’s context sans any user interaction.
The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been already

The Hacker News – ​Read More

Researchers confirm two journalists were hacked with Paragon spyware

/in

The confirmation of two hacked victims further deepens an ongoing spyware scandal that, for now, appears largely focused on the Italian government.

Security News | TechCrunch – ​Read More

Surge in Cyberattacks Targeting Journalists: Cloudflare

/in

Between May 2024 and April 2025, Cloudflare blocked 109 billion malicious requests targeting organizations protected under Project Galileo.

The post Surge in Cyberattacks Targeting Journalists: Cloudflare appeared first on SecurityWeek.

SecurityWeek – ​Read More

‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot

/in

Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot.

The post ‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot appeared first on SecurityWeek.

SecurityWeek – ​Read More

The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce

/in

It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy.

The post The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce appeared first on SecurityWeek.

SecurityWeek – ​Read More

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

/in

ConnectWise has disclosed that it’s planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns.
The company said it’s doing so “due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.

The Hacker News – ​Read More

Palo Alto Networks Patches Privilege Escalation Vulnerabilities

/in

Palo Alto Networks has released patches for seven vulnerabilities and incorporated the latest Chrome fixes in its products.

The post Palo Alto Networks Patches Privilege Escalation Vulnerabilities appeared first on SecurityWeek.

SecurityWeek – ​Read More

Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified

/in

Interpol has announced a crackdown on infostealer malware in Asia as part of an effort called Operation Secure.

The post Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified appeared first on SecurityWeek.

SecurityWeek – ​Read More