Data Exfiltration
The latest Data Exfiltration coverage — news, analysis, and updates from the WindowsNews.AI desk.
8 Chrome, Edge extensions with 2M+ installs stole ChatGPT, Gemini chats
Security researchers have uncovered a startling privacy breach in plain sight: several widely used Google Chrome and Microsoft Edge extensions — marketed as privacy and security tools — were...
8 Million AI Chats Exposed: How Privacy Extensions Betrayed User Trust
A shocking investigation has revealed that a family of popular browser extensions, marketed as privacy tools and free VPNs, secretly intercepted and exfiltrated entire conversations from AI chat...
Microsoft Copilot Studio Security Flaws: Prompt Injection Risks Exposed
A recent security investigation has revealed significant vulnerabilities in Microsoft Copilot Studio, Microsoft's no-code platform for building custom AI assistants and chatbots. According to...
ShadyPanda Spyware: 4.3M Chrome & Edge Extensions Compromised in 7-Year Campaign
A sophisticated, seven-year spyware campaign has compromised over 4.3 million Chrome and Edge browser extensions, turning trusted tools into data-exfiltration machines for a threat actor researchers...
Windows 11 Agentic AI Security Risks: Complete Guide to Protection
Microsoft's groundbreaking agentic AI capabilities in Windows 11 represent a paradigm shift in computing, but they come with significant security implications that demand immediate attention from IT...
Microsoft 365 Copilot Security Flaw: Mermaid Diagrams Enable Data Exfiltration
A sophisticated security vulnerability in Microsoft 365 Copilot has been uncovered, where seemingly innocent Mermaid diagrams can be weaponized to extract sensitive organizational data through...
Mermaid diagrams weaponized in Microsoft 365 Copilot for data theft via prompt injection.
Microsoft 365 Copilot recently demonstrated a critical security vulnerability that allowed attackers to weaponize Mermaid diagrams for data exfiltration through sophisticated indirect prompt...
CamoLeak: How GitHub Copilot Chat Became a Data Exfiltration Channel
A sophisticated cybersecurity vulnerability dubbed "CamoLeak" has exposed how GitHub Copilot Chat, Microsoft's AI-powered coding assistant, could be manipulated into leaking sensitive data from...
Clipboard Data Leaks: How Employees Accidentally Expose Sensitive Data Through AI Tools
A disturbing new security trend is emerging in workplaces worldwide: employees are inadvertently leaking sensitive corporate data through generative AI tools by simply copying and pasting...
How the House Reversed Its Copilot Ban: A Blueprint for Secure AI in Government
The U.S. House of Representatives has lifted its year-old prohibition on Microsoft Copilot and will begin deploying the generative AI tool to members and staff under strict data-protection terms,...
Zenity Embeds Real-Time Attack Prevention Inside Microsoft Copilot Studio Agents
Microsoft Copilot Studio now supports a runtime monitoring API that enables third-party security platforms to inspect and block agent actions in real time, and Zenity has moved quickly to deliver...
Zenity Embeds Inline Attack Prevention in Microsoft Copilot Studio Agents
On May 22, 2025, Zenity unfurled an expanded integration with Microsoft Copilot Studio that embeds native, inline security controls directly into the execution path of enterprise AI agents. The move...