CVE-2025-32711 (“EchoLeak”) is a critical zero click prompt injection in Microsoft 365 Copilot that could exfiltrate org secrets. Read the technical breakdown, detection rules, IR playbook and mitigation guidance.
A phishing attack on a maintainer led to 18 npm packages shipping malware that hijacks browser wallet flows. Learn the timeline, IoCs of the npm supply chain attack 2025
