Tootfinder

Researchers find the first known "zero-click" attack on an AI agent; the now-fixed flaw in Microsoft 365 Copilot would let a hacker attack a user via an email (Sharon Goldman/Fortune)
https://fortune.com/2025/06/11/microsoft-cop…

Exclusive: New Microsoft Copilot flaw signals broader risk of AI agents being hacked—‘I would be terrified’
Microsoft fixed the Copilot flaw, but researchers warn the real danger lies in how all AI agents are built.

Kritische Sicherheitslücke in Microsoft 365 Copilot zeigt Risiko von KI-Agenten
Der KI-Agent von M365 konnte per E-Mail und ohne Mausklick zur Freigabe sensibler Informationen verführt werden. Microsoft hat die Lücke jetzt geschlossen.

Agentic AI as the enemy's agent.
It is a bad idea to allow an LLM access to internal data and external communication (web pages, APIs, email, …) at the same time.
#AgenticAI #DataLeak #LLM

/me opens Outlook, disables #Copilot
/me opens #GitHub, disables Copilot
/me opens notepad, disables Copilot
/me opens #GitKraken, disables ai
/me opens Outlook, disab…

Microsoft launches Copilot 3D, a free AI-powered tool allowing users to transform 2D images into 3D models without a text prompt, available in Copilot Labs (Tom Warren/The Verge)
https://www.theverge.com/hands-on/756587/microsoft-copilot-3d-feature-hands-on

Microsoft’s new Copilot 3D feature is great for Ikea, bad for my dog
Microsoft has created a new Copilot 3D feature. It converts 2D images into 3D models that can be used for 3D printing or in 3D editing software.

Generalized Tur\'an results for disjoint copies of degenerate graphs
Caihong Yang, Jiasheng Zeng
https://arxiv.org/abs/2508.06043 https://arxiv.org/pdf…

Generalized Turán results for disjoint copies of degenerate graphs
The generalized Turán number $\mathrm{ex}(n, H, F)$ denotes the maximum number of copies of $H$ in an $n$-vertex $F$-free graph. For an integer $t \geq 1$, let $tF$ be the vertex-disjoint union of $t$ copies of $F$. Gerbner, Methuku, and Vizer (2019) established an asymptotically sharp bound for $\mathrm{ex}(n,K_r,(t+1)K_{2,b})$. We extend their results in two directions by considering forbidden graphs $(t+1)K_{a,b}$ and $(t+1)C_{2k}$ and establish more precise matching upper and lower bounds …

Check out today's Metacurity to stay on top of the never-ending overload of infosec developments, including
--Operation Secure disrupts infostealer malware groups worldwide
--Microsoft 365 Copilot harbored critical 'EchoLeak' security flaw,
--FIN6 targets LinkedIn recruiters,
--Smart watches can steal data from air-gapped systems,
--Cybercrims stole NHS Active Directory database,
--Two journalists hacked using Paragon spyware,
--Ransomware…

Operation Secure disrupts infostealer malware groups worldwide
Microsoft 365 Copilot harbored critical 'EchoLeak' security flaw, FIN6 targets LinkedIn recruiters. Smart watches can steal data in air-gapped systems, Cybercrims stole NHS Active Directory database, Two journalists hacked using Paragon spyware, Ransomware hits large hospitals in Maine, much more

LOL no.
https://masto.pt/@tugatech/115011897895923151

Donnerstag: Apotheken mit mehr Freiheiten, KI-Agenten mit Sicherheitslücken
Apotheken-Kooperationen erlaubt Lücke in Microsoft 365 Copilot Sandspeicher für Fernwärme Kias Elektrobus-Varianten Sam Altmans Prophezeiungen für 2030

Microsoft Lens: Aus für mobilen PDF-Scanner
Die Lens-App von Microsoft für Android und iOS stellt der Hersteller in Kürze ein. Die Funktion wandert in den MS365-Copilot.
https://www.heise.de/news/M…