▸ An attacker chained a pull_request_target exploit, GitHub Actions cache poisoning, and OIDC token extraction to publish 84 malicious versions across 4...
▸ A GitHub issue (oven-sh/bun#30719, 317+ HN points) documents that Bun's new Rust codebase fails basic miri checks and contains undefined behavior in c...
▸ A blog post arguing for abandoning AI coding tools hit 737 points on HN, signaling growing practitioner disillusionment with AI-assisted development.
▸ Dutch suicide prevention service 113 Zelfmoordpreventie was found sharing website visitor data with tech companies without user consent.
▸ Nvidia's cuda-oxide compiles standard Rust directly to PTX — no DSLs, no C++ bindings, no CUDA C required.
▸ Debian's debian-devel-announce post formally requires all packages to be reproducibly buildable — upgrading from 'should' to 'must' in Debian Policy.
▸ The U.S. Department of Justice has demanded Apple and Google identify over 100,000 users who downloaded a car-tuning app suspected of enabling emissio...
▸ Bambu Lab is pursuing legal action against an OrcaSlicer developer, prompting right-to-repair advocate Louis Rossmann to publicly denounce the company...
▸ Canada's Bill C-22 reintroduces the core surveillance powers from the failed Bill C-26, granting the government authority to secretly order telecom pr...
▸ Software engineering job postings have dropped ~33% from their 2022 peak, junior roles hit hardest — this isn't a prediction, it's a trend with receip...
▸ France is advancing legislation that would require messaging platforms to provide law enforcement access to encrypted communications, effectively mand...
▸ Jeff Geerling documents how Bambu Lab built its 3D printer empire on GPL-licensed projects like Klipper, Marlin, and PrusaSlicer — then systematically...
▸ MIT President Sally Kornbluth disclosed a 20% decline in incoming graduate students, driven by federal funding cuts and chilling effects on internatio...
▸ Security researcher arkadiyt published a step-by-step guide to physically removing the cellular modem (DCM) and GPS module from a 2024 Toyota RAV4 Hyb...
▸ Meta is removing end-to-end encryption from Instagram direct messages, reversing a feature it spent years building and rolling out.
▸ The Internet Cleanup Foundation scanned European government domains and found ~3,000 sites with third-party trackers, ~1,000 exposed phpMyAdmin panels...
▸ CERT/CC is coordinating disclosure of six CVEs targeting dnsmasq, the lightweight DNS/DHCP server embedded in millions of routers, containers, and Lin...
▸ Fields Medalist Timothy Gowers published a detailed account of testing ChatGPT 5.5 Pro on mathematical problems, finding the model impressive on surfa...
▸ A grassroots campaign at savethearchive.com is pressuring the NYT, The Atlantic, and USA Today to stop legal actions that threaten the Wayback Machine...
▸ Mythos, an AI vulnerability-hunting tool, found a legitimate security flaw in curl — notable because curl maintainer Daniel Stenberg has been one of t...