By Team Latestly
EchoLeak, the first-ever zero-click vulnerability (CVE-2025-32711), was discovered by Aim Labs in Microsoft 365 Copilot AI. It allowed attackers to silently steal sensitive user data through hidden prompts in emails without user interaction. Microsoft has fixed the security flaw with a server-side update.