Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Microsoft Copilot Cowork Exfiltrates Files

https://www.promptarmor.com/resources/microsoft-copilot-cowork-exfiltrates-files
89•Kneenex•1h ago

Comments

2001zhaozhao•37m ago
AKA, if a malicious skill got into your AI agent, you're cooked.

I think this isn't surprising, nor do I think it should be considered a prompt injection at all. An AI skill is akin to a plugin for traditional software - if you install a malicious IDE extension or Outlook plugin, the attacker can also do whatever they want to the PC and exfiltrate whatever data they want to. So this article is a big nothingburger.

Jabrov•33m ago
It's yet another surface for dependency attacks
aabhay•33m ago
It's actually even worse — it's advertising for their product
nico•33m ago
I wonder if via-skill could become a software distribution channel. A bit like what has happened with LLM wiki.
cyanydeez•29m ago
AI skill is not just a plugin. Given the right model, supposedly, it can do much more. Since everyone's harness tends to be tied to the model, it has a whole tool set to use.
0gs•25m ago
I think people are probably already doing it. I made a skill scanner, but it's also just easy to download a zip and inspect the contents... but people are loading these things remotely. I agree that it is easy to not install a pentester's magic skill, but the attack capabilities a skill can have are pretty insane. People should just make their own is my POV.
SpicyLemonZest•19m ago
Unlike plugins in traditional software, skills do not represent a carveout from any security boundary nor run with elevated trust. They're just selectively loaded context. Anything you can convince an agent to do with a skill you can convince it to do without one.
mdavidn•12m ago
If this can be exploited via a skill, then it can be exploited via untrusted input inserted into context. Does Cowork help with reading email?
bberenberg•7m ago
Only if it has access to exfiltrate data. We deny by default and the company has to allowlist each individual destination.
hansmayer•34m ago
Well, isn't that swell - good that meanwhile countless MBA cretins have "adopted" enterprise-wide Copilot integrations, to make their companies "AI native" or whatever the word is on LinkedinLunatics street these days.
bestony•29m ago
I feel
bestony•29m ago
Large-scale adoption will take time; we still need a lot more infrastructure, such as security, auditing, and payment systems.
arjie•24m ago
A skill is just a program for an LLM agent. This just seems like works-as-expected. Are the five lines in the skill notably innocuous or something? I don't mean to dismiss it out of hand but I don't understand what happened here because it seems to read "`curl $url | bash` can exfiltrate data" which seems pretty straightforward that it can.
mdavidn•4m ago
A skill is just instructions that the agent can autonomously copy into context. There’s no trust boundary between trusted and untrusted context.
Quothling•14m ago
Nice find. We're PoCing Cowork and I've personally been impressed with it so far, but it seems we'll have to wait on a wider rollout until Microsoft gives us more admin features to turn off what users can do with it.

> Note: Admins have limited oversight of ‘Skills’, as Skills in Copilot Cowork are automatically loaded from a specific path in a user’s OneDrive.

I feel this part is a bit disingenuous. We have full control over the SharePoint containers which house users' personal OneDrives. We actively scan them and prevent a lot of files from getting in them. That being said, it's still a fair point, because a "skill" could basically be a text file.

pwarner•13m ago
MS rushed this to production, sure they call it a beta feature but it's clear it was super rushed. They're desperate to be relevant.
Awsum_IceCream•12m ago
Ah yes, hackers capitalizing on humans' laziness. Always ggwp.
TZubiri•9m ago
But maybe we can like invent a program that will avoid the consequences of laziness while allowing us the benefits of the shortcuts!

Here's my repo for running copilot in a vm

github.com/gokuvegeta894/node-copilot-vm

(Fake link, if someone typosquats the above link and it exists, assume it's malware)

Microsoft Copilot Cowork Exfiltrates Files

https://www.promptarmor.com/resources/microsoft-copilot-cowork-exfiltrates-files
97•Kneenex•1h ago•17 comments

Norway's 2 petabytes of Huawei flash storage and LLM training

https://www.blocksandfiles.com/flash/2026/05/22/norways-2-petabytes-of-huawei-flash-storage-and-l...
111•rbanffy•3h ago•55 comments

Exit IP VPN servers mitigation rollout

https://mullvad.net/en/help/exit-ip-vpn-servers-mitigation-rollout
229•Cider9986•5h ago•36 comments

California moves to exempt Linux from its age-verification law after backlash

https://www.tomshardware.com/software/linux/california-moves-to-exempt-linux-from-its-upcoming-ag...
503•rbanffy•4h ago•226 comments

Show HN: Write your BPF programs in Go, not C

https://github.com/boratanrikulu/gobee
36•boratanrikulu•4d ago•21 comments

Magnifica Humanitas

https://www.vatican.va/content/leo-xiv/en/encyclicals/documents/20260515-magnifica-humanitas.html
1260•theletterf•13h ago•702 comments

Ninth Circuit Panel Goes Out of Its Way to Question Section 230–DOE vs. Meta

https://blog.ericgoldman.org/archives/2026/05/ninth-circuit-panel-goes-out-of-its-way-to-question...
21•hn_acker•2h ago•9 comments

Hacker News front page as a site

https://thefrontpage.dev/
43•thatxliner•3h ago•20 comments

Toshifumi Suzuki, founder of Seven-Eleven Japan, has died

https://www.referenceforbusiness.com/biography/S-Z/Suzuki-Toshifumi-1932.html
88•L_Rahman•6h ago•34 comments

Show HN: OpenBrief – Local-first video downloader/summarizer

https://github.com/tantara/openbrief
6•tantara•1h ago•0 comments

Jensen–Shannon Divergence

https://en.wikipedia.org/wiki/Jensen%E2%80%93Shannon_divergence
53•teleforce•3d ago•6 comments

C extensions, portability, and alternative compilers

https://lemon.rip/w/6-c-extensions-compilers/
126•xngbuilds•8h ago•46 comments

Canada losing top talent as workers head to the U.S.

https://www.bnnbloomberg.ca/investing/market-outlook/2026/05/25/market-outlook-canada-losing-top-...
19•leopoldj•30m ago•4 comments

Yoti age checks share facial photos and device fingerprints with third parties

https://techxplore.com/news/2026-05-online-age-pointless-privacy.html
66•Lihh27•2h ago•14 comments

Everyone Against Us (2023)

https://www.chicagomag.com/chicago-magazine/april-2023/everyone-against-us/
47•NaOH•5d ago•4 comments

Weave (YC W25) is hiring ML, AI, product, & design engineers

https://jobs.ashbyhq.com/workweave
1•adchurch•4h ago

Japan's New Hypersonic Engine Could Make 2-Hour Flights to the US a Reality

https://www.bgr.com/2178211/japan-hypersonic-engine-ramjet-2-hour-flights-to-us/
81•rmason•3h ago•61 comments

Launch HN: Chert (YC P26) – Twilio for iMessage

https://www.trychert.com
47•garygao•8h ago•165 comments

Riscrithm – An intuitive RISC-V assembler and optimizer coded in Go

https://github.com/ghetea-patrick/riscrithm
9•patrick-ghetea•2h ago•1 comment

Gnutella: A Protocol Outliving the World That Created It

https://rickcarlino.com/notes/p2p/gnutella-explanation.html
193•rickcarlino•3d ago•62 comments

IBM Spins Off the First Pure-Play Quantum Chip Foundry

https://futurumgroup.com/insights/2-billion-chips-act-investment-in-quantum-bets-on-ibms-300mm-su...
132•rbanffy•13h ago•54 comments

Building an AWS Lambda-Like Runtime with Firecracker MicroVMs

https://medium.com/@vivek1502/building-an-aws-lambda-like-runtime-with-firecracker-microvms-42a41...
11•nreece•2d ago•2 comments

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

https://krebsonsecurity.com/2026/05/netherlands-seizes-800-servers-arrests-2-for-aiding-cyberatta...
251•jruohonen•9h ago•68 comments

CPPL: A Circuit Prompt Programming Language

https://arxiv.org/abs/2605.17892
26•chrsw•4d ago•6 comments

Ferrari Luce, Maranello's first ever electric car

https://www.topgear.com/car-news/electric/its-finally-here-meet-ferrari-luce-maranellos-first-eve...
24•sz4kerto•1h ago•28 comments

Didgeridoo playing as alternative treatment for obstructive sleep apnoea (2006)

https://pmc.ncbi.nlm.nih.gov/articles/PMC1360393/
305•kelseyfrog•2d ago•147 comments

The bootstrapper's EU stack for under €10 per month

https://eualternative.eu/guides/bootstrapper-free-tier-eu-stack/
180•sparkling•4h ago•67 comments

Show HN: Audiomass – a free, open-source multitrack audio editor for the web

https://audiomass.co/?multitrack=1
506•pantelisk•1d ago•110 comments

DeepSeek reasonix, DeepSeek native coding agent with high caching and low cost

https://esengine.github.io/DeepSeek-Reasonix/
702•Alifatisk•1d ago•271 comments

Migrating from Go to Rust

https://corrode.dev/learn/migration-guides/go-to-rust/
446•jabits•1d ago•455 comments