Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
7 résultats taggé zero-click  ✕
Echoleak Blogpost https://www.aim.security/lp/aim-labs-echoleak-blogpost
12/06/2025 07:30:49
QRCode
archive.org
thumbnail
  • Aim Labs has identified a critical zero-click AI vulnerability, dubbed “EchoLeak”, in Microsoft 365 (M365) Copilot and has disclosed several attack chains that allow an exploit of this vulnerability to Microsoft's MSRC team.
  • This attack chain showcases a new exploitation technique we have termed "LLM Scope Violation" that may have additional manifestations in other RAG-based chatbots and AI agents. This represents a major research discovery advancement in how threat actors can attack AI agents - by leveraging internal model mechanics.
  • The chains allow attackers to automatically exfiltrate sensitive and proprietary information from M365 Copilot context, without the user's awareness, or relying on any specific victim behavior.
  • The result is achieved despite M365 Copilot's interface being open only to organization employees.
  • To successfully perform an attack, an adversary simply needs to send an email to the victim without any restriction on the sender's email.
  • As a zero-click AI vulnerability, EchoLeak opens up extensive opportunities for data exfiltration and extortion attacks for motivated threat actors. In an ever evolving agentic world, it showcases the potential risks that are inherent in the design of agents and chatbots.
  • Aim Labs continues in its research activities to identify novel types of vulnerabilities associated with AI deployment and to develop guardrails that mitigate against such novel vulnerabilities.
    Aim Labs is not aware of any customers being impacted to date.
    TL;DR
    Aim Security discovered “EchoLeak”, a vulnerability that exploits design flaws typical of RAG Copilots, allowing attackers to automatically exfiltrate any data from M365 Copilot’s context, without relying on specific user behavior. The primary chain is composed of three distinct vulnerabilities, but Aim Labs has identified additional vulnerabilities in its research process that may also enable an exploit.
aim.security EN 2025 research vulnerability zero-click AI EchoLeak M365 Copilot LLM-Scope-Violation
iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S. https://iverify.io/blog/iverify-uncovers-evidence-of-zero-click-mobile-exploitation-in-the-us
09/06/2025 23:18:49
QRCode
archive.org
thumbnail

Throughout late 2024 and early 2025, iVerify detected anomalous activity on iPhones belonging to individuals affiliated with political campaigns, media organizations, A.I. companies and governments operating in the United States and European Union.

Specifically, we detected exceedingly rare crashes typically associated with sophisticated zero-click attacks via iMessage – an exploitation technique previously unobserved in any systematic way in the United States. Subsequent forensic examination of several of these devices ultimately revealed a previously unknown vulnerability in the “imagent” process which, owing to its relative position in the operating system and functionality, would provide attackers a primitive for further exploitation. This vulnerability was patched by Apple in iOS 18.3. We’ve dubbed this vulnerability NICKNAME.

In the course of our investigation, we discovered evidence suggesting – but not definitively proving – this vulnerability was exploited in targeted attacks as recently as March of this year. Specifically, we learned that Apple sent Threat Notifications to at least one device belonging to a senior government official in the EU on which we saw the highly anomalous crashes. Likewise, one device demonstrated behavior frequently associated with successful exploitation, specifically the creation and deletion of iMessage attachments in bulk within a matter of seconds on several occasions after an anomalous crash. We only observed these crashes on devices belonging to extremely high value targets. And these crashes constituted only .0001% of the crash log telemetry taken from a sample of 50,000 iPhones.

iverify EN 2025 iPhones spyware iOS zero-click iMessage vulnerability
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b
14/09/2024 21:10:30
QRCode
archive.org

I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment. This could lead to many bad things including malicious code execution which can be combined with security protection evasion with Photos to compromise users’ sensitive Photos iCloud Photos data. Apple has fixed all of the vulnerabilities between October 2022 and September 2023.

mikko-kenttala EN 2024 Critical zero-click macos vulnerability
Apple issues third mobile OS update after zero-click spyware campaign https://cyberscoop.com/apple-os-update-spyware/
26/07/2023 13:18:01
QRCode
archive.org
thumbnail

The patch is the latest to address issues associated with what cybersecurity firm Kaspersky called Operation Triangulation.

cyberscoop EN 2023 Apple Triangulation zero-click iOS CVE-2023-38606
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia https://www.microsoft.com/en-us/security/blog/2023/04/11/dev-0196-quadreams-kingspawn-malware-used-to-target-civil-society-in-europe-north-america-the-middle-east-and-southeast-asia/
11/04/2023 18:37:46
QRCode
archive.org
thumbnail

Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.

microsoft EN 2023 QuaDream spyware spy IoCs DEV-0196 iOS calendar zero-click REIGN
Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers - The Citizen Lab https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers/
11/04/2023 18:34:14
QRCode
archive.org
thumbnail

At least five civil society victims of QuaDream’s spyware and exploits were identified in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. Traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.

CitizenLab EN 2023 QuaDreams Spyware spyware spy iPhone calendar zero-click
iPhone flaw exploited by second Israeli spy firm-sources https://www.reuters.com/technology/exclusive-iphone-flaw-exploited-by-second-israeli-spy-firm-sources-2022-02-03/
14/02/2022 13:26:45
QRCode
archive.org
thumbnail

A flaw in Apple's software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, according to five people familiar with the matter.

Apple EN Reuters QuaDream 0-day-as-a-service zero-click ForcedEntry
4395 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio