Zero Tweet

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
thehackernews.com
Mercor, a $10B AI startup confirms major data breach
fortune.com
2 points Discussion
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
thehackernews.com
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
thehackernews.com
They thought they were downloading Claude Code source
www.theregister.com
1 point Discussion
Show HN: SkillCompass – Diagnose and Improve AI Agent Skills Across 6 Dimensions
SkillCompass is a local evaluation engine for Claude Code and OpenClaw that scores AI agent skills across six dimensions. It identifies the weakest area, fixes it, and moves to the next while detecting when skills become obsolete. The tool runs locally and requires Node.js v18+.
github.com
2 points Discussion
Pentagon Pete's Bigoted Reason for Firing Top General Leaks
www.thedailybeast.com
4 points Discussion
Can servers use elicitation for HITL scenarios?
realarcherl.github.io
1 point Discussion
Open-source runtime security toolkit for autonomous AI agents covering OWASP Top
opensource.microsoft.com
1 point Discussion
How we caught the Axios supply chain attack
The article details the discovery of a supply chain attack on the Axios library, highlighting the technical investigation and the difficulties faced during responsible disclosure. Engagement is likely High given the critical nature of the software. Comments show appreciation for the researchers but frustration regarding the unresponsiveness of npmjs security channels.
www.elastic.co
1 3 points Discussion
Show HN: Trytet – Deterministic WASM substrate for stateful AI agents
Trytet is a deterministic WebAssembly substrate designed to solve state and geography constraints for autonomous AI agents. It allows developers to snapshot, hibernate, or migrate agent execution state to edge nodes, enabling sub-millisecond, zero-trust execution without losing context. The project also includes a new Context Router to manage LLM context limits efficiently.
trytet.com
2 points Discussion
Node.js Security Bug Bounty Program Paused Due to Loss of Funding
nodejs.org
1 point Discussion
Mount Everest Climbers 'Poisoned' By Guides In Insurance Fraud Scheme
Nepalese guides and trekking companies are running a sophisticated insurance fraud scheme by deliberately poisoning or frightening tourists into fake helicopter evacuations, then billing insurers inflated amounts. Methods include mixing baking powder into food, inducing altitude sickness symptoms through excessive water intake, and fabricating medical records while hospitals and operators collect massive commissions. The scam has persisted despite government investigations and reforms announced in 2018.
news.slashdot.org
1
Google releases Gemma 4 open models
Google released Gemma 4 open models, including a 31B dense and 26B MoE variant that users find competitive with Qwen 3.5 for local inference. The community discusses quantization, hardware requirements, and multimodal capabilities while debating the validity of Google's benchmark claims. Engagement is High, featuring active participation from developers and detailed technical analysis. Comments are enthusiastic but pragmatic, focusing on practical performance and tool integration.
deepmind.google
314 1011 points Discussion
Denuvo has been broken, company promises countermeasures against new DRM bypass
Denuvo's DRM protection has been bypassed again, with the company promising new countermeasures. An industry insider explains that while all DRM can eventually be cracked, publishers use it to delay piracy during the critical first 14-30 days when most revenue is made, forcing impatient pirates to convert to paying customers. The commenter notes that paying customers ultimately suffer through performance hits and monitoring while pirates eventually get cleaner versions.
Engagement Level: Medium
Comment sentiment is analytical and pragmatic, offering insider perspective rather than emotional reaction. The tone is balanced, acknowledging business realities while expressing sympathy for legitimate customers who bear the burden of DRM systems.
www.tomshardware.com
1 1 point Discussion
Spyware Vendor Creates Fake WhatsApp App
securityaffairs.com
1 point Discussion
Show HN: Claude Code leak forced this early – Dojo dual agents vs. Claude/Codex
The author released ehAye Engine, a local-first agent environment with Dojo Agents that provides a unified interface for working with multiple coding tools and AI providers. It features multi-provider support, Telegram integration, browser automation, and privacy-focused design. The project was released early due to the Claude Code leak and aims to let users mix providers and workflows rather than lock into one ecosystem.
ehaye.io
1 point Discussion
UpGuard Discovers a Chinese Dark Web Monitoring Database
www.upguard.com
1 point Discussion
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
thehackernews.com
IBM Teams Up With Arm To Run Arm Workloads On IBM Z Mainframes
IBM and Arm are partnering to enable Arm-based software to run on IBM Z mainframes through virtualization, targeting regulated industries that can't move workloads to the cloud. The collaboration focuses on security compliance, virtualization tools, and common technology layers, addressing a gap where mainframe customers missed out on Arm's efficiency gains already benefiting hyperscalers.
Engagement: Low (1 comment)
Sentiment: The single comment is humorous, making a pun about "Arm" and "leg day" workouts.
slashdot.org
1
The author has updated Shazzer's collection view with a new feature that allows users to expand results directly below the vector. This improvement makes it easier to view and analyze the data within each collection entry.
bsky.app
Analyzing Claude Code source leak
www.sabrina.dev
1 point Discussion
New Rowhammer attacks give complete control of machines running Nvidia GPUs
arstechnica.com
3 points Discussion
Anthropic leak reveals Claude Code tracking user frustration
www.scientificamerican.com
Discussion
LinkedIn Is Illegally Searching Your Computer
LinkedIn scans Chrome-based browsers for thousands of specific installed extensions, revealing sensitive data such as religious beliefs, political opinions, and job search activity without user consent. This practice raises significant legal concerns under GDPR and highlights how browser fingerprinting techniques can be used for invasive profiling.
Engagement is High, with hundreds of comments debating the technical mechanics of extension scanning, the legality of data collection, and the ethical responsibilities of tech companies. The sentiment is overwhelmingly negative and frustrated, focusing on privacy invasion and corporate surveillance, though some users criticize the article's headline as alarmist while still agreeing the underlying behavior is problematic.
browsergate.eu
499 1087 points Discussion
Claude.ai Prompt Injection Vulnerability
www.oasis.security
2 points Discussion
ICE says it bought Paragon’s spyware to use in drug trafficking cases
ICE Acting Director Todd Lyons confirmed to lawmakers that the agency purchased and deployed Paragon Solutions' spyware for drug trafficking investigations, claiming it complies with constitutional requirements. The contract, signed in 2024 and reactivated in September 2025 after a Biden administration review, has drawn criticism from lawmakers concerned about civil rights risks—especially given Paragon's involvement in a scandal where journalists and activists in Italy were targeted.
techcrunch.com
Discussion
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
thehackernews.com
Libinput Hit by Worrying Security Issues with Its Lua Plug-In System
www.phoronix.com
Discussion
[tl;dr sec] #322 - GitHub's Supply Chain Roadmap, Scaling Vulnerability Management with AI, Finding Vulnerabilities Across Repos
tldrsec.com
Show HN: Local-first agent memory loop 48hrs before the Claude Code leak
The author spent a year building a "Dream Engine" to solve agent statelessness and open-sourced it on March 28th. 48 hours later, the Claude Code leak revealed an internal "autoDream" feature with identical 4-phase consolidation logic. They're now seeking a technical audit of their memory decay logic to ensure it won't bottleneck at scale with 100+ nodes.
github.com
1 point Discussion
Artemis II Launch Day Updates
Artemis II successfully launched four astronauts on the first crewed mission beyond low Earth orbit since 1972, conducting a lunar flyby before returning to Earth. The mission tests Orion spacecraft systems for future lunar landings under the Artemis program. High engagement with extensive technical discussion. Mixed sentiment: many express excitement and inspiration at returning humans to deep space, while others raise concerns about heat shield safety, program costs, political context, and question the value compared to robotic missions or other priorities.
www.nasa.gov
881 1005 points Discussion
Show HN: PGP Made Convenient
This is a Show HN post introducing an open-source PGP browser extension designed to make encryption more user-friendly with passkeys as the primary flow, zero permissions required, and no external server calls. The tool allows users to choose between synced storage or fully local storage, uses SequoiaPGP compiled to WASM for cryptography, and supports drag-and-drop file encryption. The creator built it to streamline their own workflow for encrypting vulnerability reports after finding existing solutions cumbersome.
chromewebstore.google.com
1 point Discussion
I'm OK being left behind, thanks
The article advocates for a "wait and see" approach to new technologies like AI, arguing that early adoption is often a tax on one's time compared to learning mature tools later. Engagement is High, with a massive volume of detailed comments debating the premise. The sentiment is polarized; many agree with the skepticism towards hype cycles, while others argue that AI is uniquely transformative and waiting risks professional obsolescence.
shkspr.mobi
767 1000 points Discussion
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
cloud.google.com
1 point Discussion
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
thehackernews.com
Declining Global Security
epthinktank.eu
Discussion
Forensic analysis of 37GB data loss caused by Cursor AI Agent
github.com
Discussion
Show HN: Open-agent-SDK – Claude Code's internals, extracted and open-sourced
The author created open-agent-sdk by extracting core logic from Claude Code's leaked source map, offering a cloud-native alternative to the official SDK. This open-source version uses pure function calls instead of spawning CLI processes, improving scalability for heavy cloud deployments. It is MIT licensed and designed as a drop-in replacement for the existing claude-agent-sdk interface.
github.com
1 point Discussion
The Claude Code Leak
build.ms
1 point Discussion
What Claude Code Leak Teaches Us About Agent Skills
skilldb.dev
2 points Discussion
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
thehackernews.com
Apple Issues Rare iOS 18 Security Update to Protect Against DarkSword Exploit
www.macrumors.com
1 point Discussion
Is "Hackback" Official US Cybersecurity Strategy?
This article explores whether "hackback" - private companies retaliating against cyber attackers - has become official US policy. The piece likely examines the legal and strategic implications of shifting cyber defense responsibilities from government to private entities.
Engagement: Low (single comment visible)
The comment expresses skepticism about the strategy, questioning why the US military isn't better utilizing cyber reservists instead of relying on private companies. The tone is critical and analytical, suggesting poor recruitment or structural problems in how the government engages skilled cybersecurity professionals.
www.schneier.com
1 5 points Discussion
Anthropic Issues Copyright Takedown Requests To Remove 8,000+ Copies of Claude Code Source Code
Anthropic issued copyright takedown notices to remove 8,000+ copies of Claude Code source code that was accidentally leaked on GitHub. The code contained interesting features like a "dreaming" process for memory consolidation and instructions to operate "undercover" when publishing code. After the takedown requests, another programmer used AI tools to rewrite the functionality in other languages to keep it available.
Medium engagement with 9 comments. Sentiment is largely critical of Anthropic, with commenters expressing skepticism about the effectiveness of takedowns and drawing parallels to past failed censorship attempts. Several users appear to take satisfaction in seeing Anthropic face consequences, with one noting "The Net interprets censorship as damage and routes around it."
developers.slashdot.org
9
Quantum physics can confirm where someone is located
www.sciencenews.org
Discussion
Show HN: Real-time dashboard for Claude Code agent teams
github.com
Discussion
Anthropic Races to Contain Leak of Code Behind Claude AI Agent
www.wsj.com
3 points Discussion
AI Agent Security: What SoC 2, ISO 27001, and HIPAA Mean in Production
simplai.ai
1 point Discussion
Axios NPM Package Supply Chain Hack
www.bleepingcomputer.com
1 point Discussion