A significant vulnerability found in Google that allowed researchers to brute-force recovery phone numbers for Google accounts, creating a substantial risk for targeted phishing and SIM-swapping incidents. Another key topic is Microsoft Outlook's planned security enhancement to block additional risky attachment types, such as .library-ms and .search-ms files, starting in July 2025, which aims to counter their past use in malware and phishing schemes. Lastly, the sources describe the 'EchoLeak' attack, identified as the first zero-click AI vulnerability affecting Microsoft 365 Copilot, which enabled the exfiltration of sensitive data from a user's context without any interaction, highlighting a new category of large language model scope violations.