M365 Copilot AI Prompt Injection Attack Patched; Salesforce Misconfigurations Risk Data Leaks; Patch Tuesday: Microsoft and Adobe

Microsoft has addressed a "zero-click" attack chain in which Microsoft 365 (M365) Copilot's Retrieval-Augmented Generation (RAG) chatbot receives malicious instructions disguised as a typical email, causing it to "automatically exfiltrate sensitive and proprietary information from M365 Copilot context, without the user's awareness, or relying on any specific victim behavior." CVE-2025-32711, CVSS score 9.3, bypasses cross-prompt injection attack (XPIA) classifiers, external link redaction, Content-Security-Policy, and M365 Copilot's reference mentions. Aim Labs, who discovered this vulnerability (dubbed "EchoLeak"), state that while no exploitation in the wild has been observed, the relevant "general design flaws" of RAG-based AI may mean more applications are vulnerable. The researchers contend that "protecting AI applications requires introducing finer levels of granularity into current frameworks;" while the attack might be understood as Indirect Prompt Injection, Aim coins "LLM Scope Violation" to describe instructions that "make the LLM attend to trusted data in the model's context, without the user's explicit consent."

Salesforce has patched five zero-day flaws in OmniStudio before Spring '25/version 254, and has categorized 15 more flaws as risky "misconfigurations" that must be addressed by users, all of which were reported by Aaron Costello, Chief of Saas Security Research at AppOmni. Two zero days "require manual action to be taken by the customer in order to be remediated ... likely due to potential business impact:" CVE-2025-43967 exposes encrypted data in cleartext due to improper preservation of permissions in the DataMapper component; CVE-2025-43698 allows an attacker to bypass field level security controls for Salesforce objects due to improper preservation of permissions in the FlexCards component. The remaining three flaws have been patched via auto-update and are all improper preservation of permissions vulnerabilities affecting the FlexCards component: CVE-2025-43699 allows an attacker to bypass field level security controls for OmniUICard objects; CVE-2025-43700 exposes encrypted data in plaintext; and CVE-2025-43701 exposes Custom Settings data. Costello stresses the seriousness of risk from seemingly minor misconfigurations in Salesforce's low code platform, especially for organizations with compliance obligations such as HIPAA, GDPR, SOX, or PCI-DSS: "In industries where data sensitivity is high, [settings'] usability needs to be rebalanced with security rigor. [...] Apply the same scrutiny to industry cloud components that you would to any production code. Test, audit, and configure defensively."

On Tuesday, June 10, Microsoft released updates to address nearly 70 vulnerabilities in multiple products. One of the flaws (CVE-2025-33053), an important-severity remote code execution vulnerability in Web Distributed Authoring and Versioning (WEBDAV), is being actively exploited. A second flaw (CVE-2025-33073), a Windows SMB client privilege elevation vulnerability, was previously disclosed. Also on June 10, Adobe released updates to address more than 250 vulnerabilities, 225 of which affect Adobe Experience Manager (AEM). There are also updates for Adobe Acrobat Reader, Adobe Commerce, Adobe InDesign, Adobe InCopy, Adobe Substance 3D Sampler, and Adobe Substance 3D Painter.

Google and Mozilla have both published security advisories disclosing high-severity memory bugs in their browsers, two each, now patched in Chrome 137.0.7151.103/.104 for Windows and macOS, Chrome 137.0.7151.103 for Linux, and Firefox 139.0.4. CVE-2025-5958 allows a remote attacker to use a crafted HTML page to exploit heap corruption due to a use-after-free flaw in Media in Google Chrome; a researcher from the Ant Group Light-Year Security Lab reportedly received an $8,000 bounty for notifying Google of this flaw. CVE-2025-5959 allows a remote attacker to use a crafted HTML page to execute arbitrary code inside a sandbox due to a type confusion flaw in V8 in Google Chrome. CVE-2025-49709 could lead to memory corruption via certain canvas graphics rendering operations in Firefox. CVE-2025-49710 is an integer overflow in 'OrderedHashTable" used by Firefox's JavaScript engine. NVD CVSS scores have not been assigned, but all four flaws are judged by their respective companies to be high severity.

ConnectWise is rotating the code signing certificates for ScreenConnect, ConnectWise Automate, and ConnectWise RMM "due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions." The company is also releasing an update "to improve how this configuration data is managed in ScreenConnect." The on-premises builds for both Automate and ScreenConnect are available; on-premises customers are advised to ensure that they've updated to the latest build by Friday, June 13, 2025, at 8:00 p.m. ET (June 14, 12:00 a.m. UTC) "to avoid disruptions or degraded experience." ConnectWise is in the process of updating certificates and agents for cloud instances. The certificate rotation is unrelated to the nation-state cyberattack ConnectWise experienced in May of this year.

During the first four months of 2025, INTERPOL coordinated Operation Secure, which took down more than 20,000 malicious IP addresses and domains related to information stealers. Law enforcement agencies from 26 countries in Asia and Oceania worked to locate servers, map physical networks and execute targeted takedowns." Private sector firms Group-IB, Kaspersky, and Trend Micro also contributed by helping compile Cyber Activity Reports. In all, authorities seized 41 servers and 100 GB of data, making 32 arrests. They also notified more than 216,000 people that their data were compromised, urging them to change passwords, freeze accounts, and remove unauthorized access to accounts.

The Texas Department of Transportation (TxDOT) has published a press release and sample notification letter disclosing a data breach of the state's Crash Records Information System (CRIS) that took place on May 12, 2025. TxDOT disabled access to the compromised system account employed in the attack, but discovered that an unauthorized user had downloaded nearly 300,000 crash reports, containing personal information including "first and last name, mailing and/or physical address, driver's license number, license plate number, vehicle make and model, car insurance policy number," as well as information about injuries sustained and narratives of crashes. TxDOT says they are implementing preventative security measures to protect against future attacks. The notice does not specify the nature or scope of the attack, and notes that TxDOT is sending letters to notify affected individuals despite not being required by law to do so. The letters urge wariness with communications mentioning crash information or requesting personal information, recommending that those affected monitor and/or freeze credit and request a credit report fraud alert.

South Korea's Yes24, a platform that sells books as well as tickets to concerts, plays, and other events, has been experiencing an outage due to a ransomware attack since Monday, June 9. There are reports of events being postponed or cancelled. The company hopes to have service restored by Sunday, June 15. The incident is being investigated by the Personal Information Protection Commission, South Korea's data privacy watchdog. Yes24 was not immediately forthcoming with information in the wake of the attack. While they notified the Korea Internet & Security Agency on Monday afternoon, they initially publicly described the platform's outage as being due to system maintenance; the disclosure that it was because of a ransomware attack was made on Tuesday, June 10. On Thursday, June 12, Yes24 said it would notify people if their personal data were compromised in the attack.

After major operational disruptions and a data breach from a cyberattack in late April 2025, suspected but not confirmed to have been ransomware, UK retailer Marks & Spencer (M&S) has announced that customers in England, Scotland and Wales may now place online delivery orders for certain "best selling" items, with service to Northern Ireland still forthcoming. Only standard shipping is available, and shipping times have increased from before the attack. "Click & Collect" service remains unavailable. In May 2025, M&S estimated in a statement to the London Stock Exchange that profit losses as a result of the attack could amount to £300M (US$400M).

Denmark's Minister of Digitization has announced that the Ministry will move from Windows to Linux, switching their systems from Microsoft Office 365 to LibreOffice. Half the Ministry's employees will make the shift this summer; if all goes well, the remaining half will follow by this autumn. The shift is driven by the country's "digital sovereignty" digitization strategy, which calls for taking control of their own digital infrastructure, in part through a reduction in dependence on foreign tech providers. Two Danish cities -- Copenhagen, the country's capital, and Aarhus, the country's second-largest municipality -- recently announced their intentions to move away from Microsoft software and cloud services.