Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Zero-Click Exploit. Show all posts
Zero-Click Exploit
AI agent vulnerabilities AI security threats AIjacking Microsoft Copilot Studio Prompt Injection Technology Zero-Click Exploit

AIjacking Threat Exposed: How Hackers Hijacked Microsoft’s Copilot Agent Without a Single Click

 

Imagine this — a customer service AI agent receives an email and, within seconds, secretly extracts your entire customer database and sends it to a hacker. No clicks, no downloads, no alerts.

Security researchers recently showcased this chilling scenario with a Microsoft Copilot Studio agent. The exploit worked through prompt injection, a manipulation technique where attackers hide malicious instructions in ordinary-looking text inputs.

As companies rush to integrate AI agents into customer service, analytics, and software development, they’re opening up new risks that traditional cybersecurity tools can’t fully protect against. For developers and data teams, understanding AIjacking — the hijacking of AI systems through deceptive prompts — has become crucial.

In simple terms, AIjacking occurs when attackers use natural language to trick AI systems into executing commands that bypass their programmed restrictions. These malicious prompts can be buried in anything the AI reads — an email, a chat message, a document — and the system can’t reliably tell the difference between a real instruction and a hidden attack.

Unlike conventional hacks that exploit software bugs, AIjacking leverages the very nature of large language models. These models follow contextual language instructions — whether those instructions come from a legitimate user or a hacker.

The Microsoft Copilot Studio incident illustrates the stakes clearly. Researchers sent emails embedded with hidden prompt injections to an AI-powered customer service agent that had CRM access. Once the agent read the emails, it followed the instructions, extracted sensitive data, and emailed it back to the attacker — all autonomously. This was a true zero-click exploit.

Traditional cyberattacks often rely on tricking users into clicking malicious links or opening dangerous attachments. AIjacking requires no such action — the AI processes inputs automatically, which is both its greatest strength and its biggest vulnerability.

Old-school defenses like firewalls, antivirus software, and input validation protect against code-level threats like SQL injection or XSS attacks. But AIjacking is a different beast — it targets the language understanding capability itself, not the code.

Because malicious prompts can be written in infinite variations — in different tones, formats, or even languages — it’s impossible to build a simple “bad input” blacklist that prevents all attacks.

When Microsoft fixed the Copilot Studio flaw, they added prompt injection classifiers, but these have limitations. Block one phrasing, and attackers simply reword their prompts.

AI agents are typically granted broad permissions to perform useful tasks — querying databases, sending emails, and calling APIs. But when hijacked, those same permissions become a weapon, allowing the agent to carry out unauthorized operations in seconds.

Security tools can’t easily detect a well-crafted malicious prompt that looks like normal text. Antivirus programs don’t recognize adversarial inputs that exploit AI behavior. What’s needed are new defense strategies tailored to AI systems.

The biggest risk lies in data exfiltration. In Microsoft’s test, the hijacked AI extracted entire customer records from the CRM. Scaled up, that could mean millions of records lost in moments.

Beyond data theft, hijacked agents could send fake emails from your company, initiate fraudulent transactions, or abuse APIs — all using legitimate credentials. Because the AI acts within its normal permissions, the attack is almost indistinguishable from authorized activity.

Privilege escalation amplifies the damage. Since most AI agents need elevated access — for instance, customer service bots read user data, while dev assistants access codebases — a single hijack can expose multiple internal systems.

Many organizations wrongly assume that existing cybersecurity systems already protect them. But prompt injection bypasses these controls entirely. Any text input the AI processes can serve as an attack vector.

To defend against AIjacking, a multi-layered security strategy is essential:

  1. Input validation & authentication: Don’t let AI agents auto-respond to unverified external inputs. Only allow trusted senders and authenticated users.
  2. Least privilege access: Give agents only the permissions necessary for their task — never full database or write access unless essential.
  3. Human-in-the-loop approval: Require manual confirmation before agents perform sensitive tasks like large data exports or financial transactions.
  4. Logging & monitoring: Track agent behavior and flag unusual actions, such as accessing large volumes of data or contacting new external addresses.
  5. System design & isolation: Keep AI agents away from production databases, use read-only replicas, and apply rate limits to contain damage.

Security testing should also include adversarial prompt testing, where developers actively try to manipulate the AI to find weaknesses before attackers do.

AIjacking marks a new era in cybersecurity. It’s not hypothetical — it’s happening now. But layered defense strategies — from input authentication to human oversight — can help organizations deploy AI safely. Those who take action now will be better equipped to protect both their systems and their users.
Read more »
Zero-Click Exploit
cybersecurity threat Digital Espionage iOS Vulnerability Mobile Security Remote Code Execution Spyware Attack Vulnerabilities and Exploits vulnerability patch WhatsApp Security Zero-Click Exploit

Critical WhatsApp Zero Click Vulnerability Abused with DNG Payload

 


It has been reported that attackers are actively exploiting a recently discovered vulnerability in WhatsApp's iOS application as a part of a sophisticated cyber campaign that underscores how zero-day vulnerabilities are becoming weaponised in today's cyber warfare. With the zero-click exploit identified as CVE-2025-55177 with a CVSS score of 5.4, malicious actors can execute unauthorised content processing based on any URL on a victim's device without the need for user interaction whatsoever. 

A vulnerability referred to as CVE-2025-55177 provides threat actors with a way to manipulate WhatsApp's synchronization process, so they may force WhatsApp to process attacker-controlled content during device linking when they manipulate the WhatsApp synchronization process. 

Even though the vulnerability could have allowed crafted content to be injected or disrupted services, its real danger arose when it was combined with Apple's CVE-2025-43300, another security flaw that affects the ImageIO framework, which parses image files. In addition to this, there were also two other vulnerabilities in iOS and Mac OS that allowed out-of-bounds memory writing, which resulted in remote code execution across these systems. 

The combination of these weaknesses created a very powerful exploit chain that could deliver malicious images through the incoming message of a WhatsApp message, causing infection without the victim ever having to click, tap or interact with anything at all—a quintessential zero-click attack scenario. Investigators found that the targeting of the victims was intentional and highly selective. 

In the past, WhatsApp has confirmed that it has notified fewer than 200 people about potential threats in its apps, a number that is similar to earlier mercenary spyware operations targeting high-value users. Apple has also acknowledged active exploitation in the wild and has issued security advisories concurrently. 

Researchers from Amnesty International noted that, despite initial signs suggesting limited probing of Android devices, this campaign was mainly concerned with Apple's iOS and macOS ecosystems, and therefore was focused on those two ecosystems mainly. The implications are particularly severe for businesses.

Corporate executives, legal teams, and employees with privileged access to confidential intellectual property are at risk of being spied on or exfiltrated through using WhatsApp on their work devices, which represents a direct and potentially invisible entry point into corporate data systems. 

Cybersecurity and Infrastructure Security Agency (CISA) officials say that the vulnerability was caused by an "incomplete authorisation of linked device synchronisation messages" that existed in WhatsApp for iOS versions before version 2.25.2.173, WhatsApp Business for iOS versions of 2.25.1.78, and WhatsApp for Mac versions of 2.25.21.78. 

This flaw is believed to have been exploited by researchers as part of a complex exploit chain, which was created using the flaw in conjunction with a previously patched iOS vulnerability known as CVE-2025-43300, allowing for the delivery of spyware onto targeted devices. A U.S. government advisory has been issued urging federal employees to update their Apple devices immediately because the campaign has reportedly affected approximately 200 people. 

A new discovery adds to the growing body of evidence that advanced cyber threat actors increasingly rely on chaining multiple zero-day exploits to circumvent hardened defences and compromise remote devices. In 2024, Google's Threat Analysis Group reported 75 zero-day exploits that were actively exploited, a figure that reflects how the scale of these attacks is accelerating. 

This stealthy intrusion method continues to dominate as the year 2025 unfolds, resulting in nearly one-third of all recorded compromise attempts worldwide occurring this year. It is important for cybersecurity experts to remind us that the WhatsApp incident demonstrates once more the fragility of digital trust, even when it comes to encrypting platforms once considered to be secure. 

It has been uncovered that the attackers exploited a subtle logic flaw in WhatsApp’s device-linking system, allowing them to disguise malicious content to appear as if it was originating from the user’s own paired device, according to a technical analysis.

Through this vulnerability, a specially crafted Digital Negative (DNG) file could be delivered, which, once processed automatically by the application, could cause a series of memory corruption events that would result in remote code execution. Researchers at DarkNavyOrg have demonstrated the proof-of-concept in its fullest sense, showing how an automated script is capable of authenticating, generating the malicious DNG payload, and sending it to the intended victim without triggering any security alerts. 

In order to take advantage of the exploit, there are no visible warnings, notification pop-ups, or message notifications displayed on the user's screen. This allows attackers to gain access to messages, media, microphones, and cameras unrestrictedly, and even install spyware undetected. It has been reported to WhatsApp and Apple that the vulnerability has been found, and patches have been released to mitigate the risks. 

Despite this, security experts recommend that users install the latest updates immediately and be cautious when using unsolicited media files—even those seemingly sent by trusted contacts. In the meantime, organisations should ensure that endpoint monitoring is strengthened, that mobile device management controls are enforced, and that anomalous messaging behaviour is closely tracked until the remediation has been completed. 

There is a clear need for robust input validation, secure file handling protocols, and timely security updates to prevent silent but highly destructive attacks targeting mainstream communication platforms that can be carried out against mainstream communication platforms due to the incident. Cyber adversaries have, for a long time, been targeting companies such as WhatsApp, and WhatsApp is no exception. 

It is noteworthy that despite the platform's strong security framework and end-to-end encryption, threat actors are still hunting for new vulnerabilities to exploit. Although there are several different cyberattack types, security experts emphasise that zero-click exploits remain the most insidious, since they can compromise devices without the user having to do anything. 

V4WEB Cybersecurity founder, Riteh Bhatia, made an explanation for V4WEB's recent WhatsApp advisory, explaining that it pertains to one of these zero-click exploits--a method of attacking that does not require a victim to click, download, or applaud during the attack. Bhatia explained that, unlike phishing, where a user is required to click on a malicious link, zero-click attacks operate silently, working in the background. 

According to Bhatia, the attackers used a vulnerability in WhatsApp as well as a vulnerability in Apple's iOS to hack into targeted devices through a chain of vulnerabilities. He explained to Entrepreneur India that this process is known as chaining vulnerabilities. 

Chaining vulnerabilities allows one weakness to provide entry while the other provides control of the system as a whole. Further, Bharatia stressed that spyware deployed by these methods is capable of doing a wide range of invasive functions, such as reading messages, listening through the microphone, tracking location, and accessing the camera in real time, in addition to other invasive actions. 

As a warning sign, users might notice excessive battery drain, overheating, unusual data usage, or unexpected system crashes, all of which may indicate that the user's system is not performing optimally. Likewise, Anirudh Batra, a senior security researcher at CloudSEK, stated that zero-click vulnerabilities represent the "holy grail" for hackers, as they can be exploited seamlessly even on fully updated and ostensibly secure devices without any intervention from the target, and no action is necessary on their part.

If this vulnerability is exploited effectively, attackers will be able to have full control over the targeted devices, which will allow them to access sensitive data, monitor communications, and deploy additional malware, all without the appearance of any ill effect. As a result of this incident, it emphasises that security risks associated with complex file formats and cross-platform messaging apps persist, since flaws in file parsers continue to serve as common pathways for remote code execution.

There is a continuing investigation going on by DarkNavyOrg, including one looking into a Samsung vulnerability (CVE-2025-21043), which has been identified as a potential security concern. There was a warning from both WhatsApp and Apple that users should update their operating systems and applications immediately, and Meta confirmed that less than 200 users were notified of in-app threats. 

It has been reported that some journalists, activists, and other public figures have been targeted. Meta's spokesperson Emily Westcott stressed how important it is for users to keep their devices current and to enable WhatsApp's privacy and security features. Furthermore, Amnesty International has also noted possible Android infections and is currently conducting further investigation. 

In the past, similar spyware operations occurred, such as WhatsApp's lawsuit against Israel's NSO Group in 2019, which allegedly targeted 1,400 users with the Pegasus spyware, which later became famous for its role in global cyberespionage. While sanctions and international scrutiny have been applied to such surveillance operations, they continue to evolve, reflecting the persistent threat that advanced mobile exploits continue to pose. 

There is no doubt that the latest revelations are highlighting the need for individuals and organisations to prioritise proactive cyber security measures rather than reactive ones, as zero-click exploits are becoming more sophisticated, the traditional boundaries of digital security—once relying solely on the caution of users—are eroding rapidly. It has become increasingly important for organisations to keep constant vigilance, update their software quickly, and employ layered defence strategies to protect both their personal and business information. 

Organisations need to invest in threat intelligence solutions, continuous monitoring systems, and regular mobile security audits if they want to be on the lookout for potential threats early on. In order for individual users to reduce their exposure, they need to maintain the latest version of their devices and applications, enable built-in privacy protections, and avoid unnecessary third-party integrations. 

The WhatsApp exploit is an important reminder that even trusted, encrypted platforms may be compromised at some point. The cyber espionage industry is evolving into a silent and targeted operation, and digital trust must be reinforced through transparent processes, rapid patching, and global cooperation between tech companies and regulators. A strong defence against invisible intrusions still resides in awareness and timely action.
Read more »
Subscribe to: Comments (Atom)