▸ Google Project Zero published a full 0-click exploit chain targeting Pixel 10 devices — no user interaction required for complete device compromise.
▸ Bun's experimental Rust rewrite passes 99.8% of the existing test suite on Linux x64 glibc, signaling the Zig-to-Rust migration is far more than a pro...
▸ A California bill would require publishers to release patches enabling offline play — or issue refunds — when shutting down online game servers.
▸ Android leaks traffic outside VPN tunnels even with 'Always-on VPN' and 'Block connections without VPN' enabled — including connectivity checks and DN...
▸ Anthropic's Agent Skills spec — a folder with a SKILL.md file — has been adopted by Cursor, GitHub Copilot, OpenAI Codex, Gemini CLI, and 30+ other ag...
▸ Meta's all-in AI reorg is reportedly demoralizing employees across non-AI teams as headcount, prestige, and resources shift to generative AI projects.
▸ Mullvad's small pool of exit IPs combined with its tiny user base means websites can narrow 'anonymous' VPN users to a remarkably small anonymity set.
▸ Simon Willison argues that agentic engineering workflows are exhibiting the same 'trust the AI, skip the review' patterns that define vibe coding — ju...
▸ GitLab is retiring its CREDIT values (Collaboration, Results, Efficiency, Diversity Inclusion & Belonging, Iteration, Transparency) — the cultural fra...
▸ Turso, the libSQL edge database company, is shutting down its bug bounty program because AI-generated vulnerability reports have made it unsustainable...
▸ An attacker exploited pull_request_target, GitHub Actions cache poisoning, and OIDC token extraction to publish 84 malicious versions across 42 @tanst...
▸ A unix.foo post arguing local AI should be the default — not the exception — hit 1,200+ points on HN, the highest signal we've seen on this topic in m...
▸ Senior developers routinely undermine their own influence by defaulting to implementation details when stakeholders need context, tradeoffs, and recom...
▸ Cactus Compute distilled Gemini's tool-calling capability into Needle, a 26M-parameter model that runs at 6,000 tok/s prefill and 1,200 tok/s decode o...
▸ Apple and Intel have reached a preliminary agreement for Intel to manufacture some Apple-designed chips — the first major customer win for Intel's str...
▸ Hardware attestation APIs (Play Integrity, App Attest) let apps verify you're running stock OS — effectively banning alternative Android distributions...
▸ Developers using Claude Code are discovering that single-file HTML apps — inline CSS, vanilla JS, zero dependencies — produce surprisingly polished re...
▸ A new Nginx exploit called 'Nginx-Rift' has been publicly disclosed via GitHub by security research group DepthFirstDisclosures, with a proof-of-conce...
▸ A zero-day exploit called YellowKey can bypass BitLocker full-disk encryption using only files loaded onto a USB drive — no hardware mods, no solderin...
▸ Timothy Gowers — Fields Medal winner and one of math's sharpest living minds — published a detailed assessment of ChatGPT 5.5 Pro's mathematical reaso...