Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

Mike Sheward @SecureOwl@infosec.exchange

1/8/2026, 3:26:01 AM

Public

As I suspected it probably would be, my bug bounty submission of using an AI email summarizer was closed as being 'infeasible' and an 'acceptable risk' with AI.

But still - I think it's an interesting finding, so I have written it up thus: https://mike-sheward.medium.com/recruiting-google-geminis-email-summarizer-as-a-phishing-aid-417055295ba7

TL;DR = I discovered how you can use Google Workspace's Google Gemini Email Summarizer to make a phishing attack seem more convincing, because it summarizes hidden content.

#infosec #ai #llm

Recruiting Google Gemini’s Email Summarizer as a Phishing Aid

Note: I originally disclosed these findings to the Google AI Bug Bounty (or VRP program), but they rejected them as being a non-qualified…

mike-sheward.medium.com · Medium

If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/SecureOwl/statuses/115857343223165998 on your instance and quote it. (Note that quoting is not supported in Mastodon.)