Artificial Intelligence and Cybersecurity: Copilot Vulnerability Exposed By Pooja Tikekar August 21, 2025 In a recent development, Microsoft has discreetly addressed a vulnerability in its Copilot AI, which allowed users to manipulate access logs concerning corporate files. As the company intensifies its integration of this large language model into its…
Published: Jul 07, 2023
Category: Endpoint Security / Ransomware
Ransomware attacks pose a severe challenge for organizations globally, and the threat level continues to escalate. Recently, Microsoft’s Incident Response team delved into the BlackByte 2.0 ransomware attacks, revealing the alarming speed and destructive impact of these cyber assaults. Their findings underscore that cybercriminals can execute a complete attack—from initial infiltration to inflicting considerable damage—in just five days. Hackers swiftly breach systems, encrypt critical data, and demand ransom for its release. This drastically reduced timeline presents significant hurdles for organizations striving to bolster their defenses against such threats. BlackByte ransomware operates in the final phase of the attack, employing an 8-digit key to encrypt files. The investigation highlighted that attackers leverage a potent mix of tactics, particularly exploiting unpatched Microsoft Exchange Servers.
BlackByte 2.0 Ransomware: A Rapid Assault on Organizations On July 7, 2023, Microsoft’s Incident Response team released findings highlighting the alarming speed and impact of BlackByte 2.0 ransomware attacks, which are proving to be an escalating threat for organizations worldwide. The investigations revealed that cybercriminals can orchestrate a complete attack—from…
Published: Jul 07, 2023
Category: Endpoint Security / Ransomware
Ransomware attacks pose a severe challenge for organizations globally, and the threat level continues to escalate. Recently, Microsoft’s Incident Response team delved into the BlackByte 2.0 ransomware attacks, revealing the alarming speed and destructive impact of these cyber assaults. Their findings underscore that cybercriminals can execute a complete attack—from initial infiltration to inflicting considerable damage—in just five days. Hackers swiftly breach systems, encrypt critical data, and demand ransom for its release. This drastically reduced timeline presents significant hurdles for organizations striving to bolster their defenses against such threats. BlackByte ransomware operates in the final phase of the attack, employing an 8-digit key to encrypt files. The investigation highlighted that attackers leverage a potent mix of tactics, particularly exploiting unpatched Microsoft Exchange Servers.
June 12, 2025
Artificial Intelligence / Vulnerability
A new attack method called EchoLeak has been identified as a “zero-click” AI vulnerability, enabling malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without any user involvement. This critical vulnerability has been assigned CVE identifier CVE-2025-32711, with a CVSS score of 9.3. It requires no action from users and has already been addressed by Microsoft, with no reported instances of exploitation. According to a recent advisory, “AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.” This vulnerability has been included in Microsoft’s June 2025 Patch Tuesday updates, bringing the total number of fixed vulnerabilities to 68. Aim Security, which discovered and reported the issue, noted that it exemplifies a large language model (LLM) Scope Violation that leads to indirect prompt injection risks.
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction On June 12, 2025, cybersecurity experts disclosed a significant vulnerability known as EchoLeak, which has been classified as a “zero-click” artificial intelligence (AI) exploit. This flaw allows malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without…
June 12, 2025
Artificial Intelligence / Vulnerability
A new attack method called EchoLeak has been identified as a “zero-click” AI vulnerability, enabling malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without any user involvement. This critical vulnerability has been assigned CVE identifier CVE-2025-32711, with a CVSS score of 9.3. It requires no action from users and has already been addressed by Microsoft, with no reported instances of exploitation. According to a recent advisory, “AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.” This vulnerability has been included in Microsoft’s June 2025 Patch Tuesday updates, bringing the total number of fixed vulnerabilities to 68. Aim Security, which discovered and reported the issue, noted that it exemplifies a large language model (LLM) Scope Violation that leads to indirect prompt injection risks.
Cybercrime, Fraud Management & Cybercrime Oregon Man Charged for Operating DDoS Attack Service Mathew J. Schwartz (@euroinfosec) • August 20, 2025 Image: Shutterstock Federal authorities have charged a 22-year-old from Oregon for operating a sophisticated, on-demand distributed denial-of-service (DDoS) attack service known as “Rapper Bot.” Prosecutors allege that the service…
Microsoft Thwarts Cyber Attack by Chinese State Actor Targeting Western European Governments
On July 12, 2023, Microsoft announced that it successfully defended against a cyber attack launched by a Chinese nation-state actor, aimed at over two dozen organizations, including various government agencies. This espionage campaign, which began on May 15, 2023, sought to obtain sensitive data by gaining access to email accounts linked to approximately 25 entities and a limited number of consumer accounts. The tech giant identified the perpetrator as Storm-0558, a state-sponsored group targeting Western European government bodies. Microsoft stated, “Their focus includes espionage, data theft, and credential access,” and noted the use of custom malware referred to as Cigril and Bling for credential harvesting. The breach was detected on June 16, 2023, after a customer reported unusual email activity to the company.
Microsoft Averts Chinese Cyber Espionage Targeting Western European Governments On July 11, 2023, Microsoft disclosed its successful defense against a sophisticated cyber attack orchestrated by a Chinese state-sponsored group. This operation targeted approximately two dozen organizations, including several governmental entities across Western Europe, in an effort to extract confidential information.…
Microsoft Thwarts Cyber Attack by Chinese State Actor Targeting Western European Governments
On July 12, 2023, Microsoft announced that it successfully defended against a cyber attack launched by a Chinese nation-state actor, aimed at over two dozen organizations, including various government agencies. This espionage campaign, which began on May 15, 2023, sought to obtain sensitive data by gaining access to email accounts linked to approximately 25 entities and a limited number of consumer accounts. The tech giant identified the perpetrator as Storm-0558, a state-sponsored group targeting Western European government bodies. Microsoft stated, “Their focus includes espionage, data theft, and credential access,” and noted the use of custom malware referred to as Cigril and Bling for credential harvesting. The breach was detected on June 16, 2023, after a customer reported unusual email activity to the company.
May 19, 2025
Threat Intelligence / Cybersecurity
Cybersecurity experts are not only combating attacks—they’re also safeguarding trust, ensuring system functionality, and upholding their organization’s reputation. This week’s events underscore a significant concern: as we deepen our reliance on digital tools, unseen vulnerabilities can silently intensify. Addressing issues isn’t sufficient anymore; resilience must be integrated from the ground up. This requires improved systems, fortified teams, and enhanced visibility across the organization. What we’re witnessing is not merely risk; it’s a clear indication that prompt action and informed decision-making are crucial, often more than striving for perfection. Here’s what emerged this week, along with key issues security teams need to prioritize.
⚡ Threat of the Week
Microsoft Addresses 5 Actively Exploited Zero-Day Flaws — In its May 2025 Patch Tuesday update, Microsoft remedied a total of 78 security vulnerabilities, five of which are currently being exploited in the wild. Noteworthy vulnerabilities include CVE-2025-30397, CVE-2025-…
Weekly Cybersecurity Recap: Zero-Day Exploits, Insider Threats, and Emerging Cyber Risks Date: May 19, 2025 In the ever-evolving landscape of cybersecurity, professionals face a dual challenge: defending against aggressive attacks while safeguarding trust, ensuring operational continuity, and preserving their organization’s reputation. Recent events have underscored a critical issue stemming from…
May 19, 2025
Threat Intelligence / Cybersecurity
Cybersecurity experts are not only combating attacks—they’re also safeguarding trust, ensuring system functionality, and upholding their organization’s reputation. This week’s events underscore a significant concern: as we deepen our reliance on digital tools, unseen vulnerabilities can silently intensify. Addressing issues isn’t sufficient anymore; resilience must be integrated from the ground up. This requires improved systems, fortified teams, and enhanced visibility across the organization. What we’re witnessing is not merely risk; it’s a clear indication that prompt action and informed decision-making are crucial, often more than striving for perfection. Here’s what emerged this week, along with key issues security teams need to prioritize.
⚡ Threat of the Week
Microsoft Addresses 5 Actively Exploited Zero-Day Flaws — In its May 2025 Patch Tuesday update, Microsoft remedied a total of 78 security vulnerabilities, five of which are currently being exploited in the wild. Noteworthy vulnerabilities include CVE-2025-30397, CVE-2025-…
Microsoft Alerts U.S. Healthcare Sector About New INC Ransomware Threat
September 19, 2024
Healthcare / Malware
Microsoft has reported that a financially motivated threat actor is utilizing a ransomware strain known as INC for the first time to specifically target the U.S. healthcare sector. The company’s threat intelligence team, tracking this activity under the name Vanilla Tempest (formerly DEV-0832), noted, “Vanilla Tempest is connected to GootLoader infections orchestrated by the threat actor Storm-0494, and employs tools such as the Supper backdoor, the legitimate AnyDesk remote monitoring and management (RMM) software, and MEGA for data synchronization.” Following this, attackers execute lateral movements using Remote Desktop Protocol (RDP) and deploy the INC ransomware payload via Windows Management Instrumentation (WMI) Provider Host. Microsoft revealed that Vanilla Tempest has been operational since at least July 2022, with previous targets including the education, healthcare, IT, and manufacturing sectors.
Microsoft Alerts Healthcare Sector to Emerging INC Ransomware Threat On September 19, 2024, Microsoft issued a warning regarding a new ransomware variant named INC, which has been identified as a potential threat to the U.S. healthcare sector. This alarming development comes in the wake of the company’s threat intelligence team,…
Microsoft Alerts U.S. Healthcare Sector About New INC Ransomware Threat
September 19, 2024
Healthcare / Malware
Microsoft has reported that a financially motivated threat actor is utilizing a ransomware strain known as INC for the first time to specifically target the U.S. healthcare sector. The company’s threat intelligence team, tracking this activity under the name Vanilla Tempest (formerly DEV-0832), noted, “Vanilla Tempest is connected to GootLoader infections orchestrated by the threat actor Storm-0494, and employs tools such as the Supper backdoor, the legitimate AnyDesk remote monitoring and management (RMM) software, and MEGA for data synchronization.” Following this, attackers execute lateral movements using Remote Desktop Protocol (RDP) and deploy the INC ransomware payload via Windows Management Instrumentation (WMI) Provider Host. Microsoft revealed that Vanilla Tempest has been operational since at least July 2022, with previous targets including the education, healthcare, IT, and manufacturing sectors.
Microsoft Flags Storm-0501 as a Significant Threat in Hybrid Cloud Ransomware Operations
September 27, 2024
Ransomware / Cloud Security
Microsoft has identified the cyber group Storm-0501 as a noteworthy threat, targeting key sectors such as government, manufacturing, transportation, and law enforcement in the United States. Their sophisticated, multi-stage attack strategy is designed to infiltrate hybrid cloud environments, allowing attackers to move laterally from on-premises systems to the cloud. This approach leads to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. According to Microsoft’s threat intelligence team, Storm-0501 operates as a financially driven cybercriminal organization, utilizing both commodity and open-source tools for their ransomware activities. Active since 2021, they initially focused on educational institutions with the Sabbath ransomware before transitioning to a ransomware-as-a-service (RaaS) model, distributing various ransomware variants including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware.
Microsoft Flags Storm-0501 as Significant Threat in Hybrid Cloud Ransomware Incidents On September 27, 2024, Microsoft announced a notable increase in ransomware attacks orchestrated by the threat actor known as Storm-0501, which has predominantly targeted integral sectors such as government, manufacturing, transportation, and law enforcement across the United States. This…
Microsoft Flags Storm-0501 as a Significant Threat in Hybrid Cloud Ransomware Operations
September 27, 2024
Ransomware / Cloud Security
Microsoft has identified the cyber group Storm-0501 as a noteworthy threat, targeting key sectors such as government, manufacturing, transportation, and law enforcement in the United States. Their sophisticated, multi-stage attack strategy is designed to infiltrate hybrid cloud environments, allowing attackers to move laterally from on-premises systems to the cloud. This approach leads to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. According to Microsoft’s threat intelligence team, Storm-0501 operates as a financially driven cybercriminal organization, utilizing both commodity and open-source tools for their ransomware activities. Active since 2021, they initially focused on educational institutions with the Sabbath ransomware before transitioning to a ransomware-as-a-service (RaaS) model, distributing various ransomware variants including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware.
Microsoft has issued a warning about cyberattack strategies that exploit legitimate file hosting platforms like SharePoint, OneDrive, and Dropbox, commonly utilized in corporate environments as a tactic to evade defenses. These campaigns have diverse objectives, enabling threat actors to compromise identities and devices, facilitating business email compromise (BEC) incidents that lead to financial fraud, data theft, and further infiltration into networks.
The abuse of trusted internet services (LIS) is an increasingly prevalent risk factor, allowing adversaries to blend in with normal network activity, often circumventing traditional security measures and complicating threat attribution. This tactic, known as living-off-trusted-sites (LOTS), takes advantage of the inherent trust in these platforms to bypass email security protocols and deliver malware. Microsoft has noted a concerning trend in phishing attacks exploiting this strategy.
Microsoft Alerts on Increasing Use of File Hosting Services in Business Email Compromise Attacks October 9, 2024 Microsoft has issued a warning regarding a rise in cyber attack campaigns that exploit established file hosting services such as SharePoint, OneDrive, and Dropbox. These platforms, frequently utilized in corporate settings, are being…
Microsoft has issued a warning about cyberattack strategies that exploit legitimate file hosting platforms like SharePoint, OneDrive, and Dropbox, commonly utilized in corporate environments as a tactic to evade defenses. These campaigns have diverse objectives, enabling threat actors to compromise identities and devices, facilitating business email compromise (BEC) incidents that lead to financial fraud, data theft, and further infiltration into networks.
The abuse of trusted internet services (LIS) is an increasingly prevalent risk factor, allowing adversaries to blend in with normal network activity, often circumventing traditional security measures and complicating threat attribution. This tactic, known as living-off-trusted-sites (LOTS), takes advantage of the inherent trust in these platforms to bypass email security protocols and deliver malware. Microsoft has noted a concerning trend in phishing attacks exploiting this strategy.
