Cyber For AI Notes

[Sep 2025] First Real-World Zero-Click Prompt Injection Exploit in a Production LLM System

EchoLeak (CVE2025-32711), a zero-click prompt injection vulnerability in Microsoft 365 Copilot that enabled remote, unauthenticated data exfiltration via a single crafted email.

June 19, 2026

image