Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

Simon Willison @simon@fedi.simonwillison.net

6/11/2025, 11:09:08 PM

Public

Your weekly reminder not to build LLM systems that combine access to private data with exposure to untrusted tokens and exfiltration vectors (the "lethal trifecta"). This time it was Microsoft 365 Copilot (now patched, they closed the exfiltration holes) https://simonwillison.net/2025/Jun/11/echoleak/

Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot

Aim Labs reported CVE-2025-32711 against Microsoft 365 Copilot back in January, and the fix is now rolled out. This is an extended variant of the prompt injection exfiltration attacks we've …

simonwillison.net · Simon Willison’s Weblog

If you have a fediverse account, you can quote this note from your own instance. Search https://fedi.simonwillison.net/users/simon/statuses/114667247941595060 on your instance and quote it. (Note that quoting is not supported in Mastodon.)