Microsoft Copilot Cowork Enables File Exfiltration via EchoLeak | Let's Data Science
Source: Letsdatascience
Published:
<p>Multiple security firms report that Microsoft 365 Copilot's Cowork feature can be abused to exfiltrate files through indirect prompt injection. Truesec and Varonis describe a zero-click exploit called EchoLeak; Truesec reports the issue was assigned CVE-2025-32711 with a CVSS 9.3 rating and has b