Reading up on security
100 deep · digging since nov 19, 25
- How a Gang of Thieves Pulled Off a Multimillion-Dollar Data Center Heist
A gang of thieves executed a multimillion‑dollar heist by breaking into a data center and stealing high‑value server hardware and the data it contained.
- URL Source: https://www.reddit.com/r/SaaS/s/bA7Lg1rLgS
The page indicates that access to the Reddit SaaS discussion was denied due to a network security block, preventing further viewing.
- A California Man Took a Selfie at a Crime Scene. It Led to His Arrest.
A California man's selfie at a burglary scene gave police evidence that led to his arrest after $100,000 in tools, copper and vehicles were stolen from a Napa Valley business.
- Better Auth: an introduction
Better Auth is a TypeScript authentication library that runs inside your app, stores users in your own database, and provides server and client APIs with optional plugins.
- How GitHub gave every repository a durable owner - The GitHub Blog
GitHub scanned its 14k internal repos, gave every active repo a validated owner via custom properties, archived ~8k unused ones, and enforced ownership at creation within 45 days.
- Europe’s New Entry/Exit System Is a Mess, and It’s Not Going Away
EU leaders refused to delay the new biometric Entry/Exit System despite aviation industry warnings that it is causing long lines and missed flights for summer travelers.
- People Keep Sneaking Into an Empty IBM Campus. This Town Has Had Enough. - WSJ
A vacant IBM campus in Somers, N.Y. has become a destination for trespassing urban explorers, drawing police responses and local frustration.
- A Practical Guide to SSH Tunnels: Local and Remote Port Forwarding
This piece explains SSH local and remote port forwarding with practical examples and a visual cheat sheet for accessing private network services.
- Introducing the <usermedia> HTML element | Blog
Chrome 151 introduces the <usermedia> HTML element to handle camera and microphone access declaratively, replacing script-triggered prompts and improving permission recovery rates.
- Zaro - Build intelligence for your company. Not your vendor.
Zaro offers a platform that lets companies build AI agents, apps, and workflows on their own data with full governance and shared memory.
- Uber Enacts Stricter Background Checks for Drivers
Uber is implementing stricter background checks after a New York Times investigation revealed it approved drivers with violent felony convictions.
- Just a moment...
The page displays a human verification challenge requiring JavaScript and cookies to proceed to the actual content.
- Anthropic says Alibaba illicitly extracted Claude AI model capabilities
Chinese resellers sell cheap Claude tokens via pooled accounts and fraud, harvesting user data for distillation into Chinese AI models as Anthropic alleges Alibaba illicitly extracts capabilities.
- U.S. World Cup Cities Are on a Counterdrone Spending Spree
FEMA awarded $250 million for drone defense equipment across U.S. World Cup host cities, and the gear will stay after the tournament ends.
- Hotswap - Drop-in open coding models hosted for you
Arcjet provides runtime security for AI applications, including prompt injection detection, data loss prevention, and agent tool controls.
- hasp · model 01
Hasp is a local secret broker that injects credentials into coding agent processes without the agent ever reading the plaintext value.
- Waymo Premier | Hacker News
Waymo's vulnerability to being blocked by hostile drivers and pedestrians, combined with SF's permissive enforcement, creates a security gap that no remote override can currently address.
- Bonsai — Safe Expressions for Rules, Filters, and Templates
Bonsai is a safe expression language for rules, filters, templates, and user-authored logic that replaces eval() with typed errors and sandbox controls.
- How to Win a Space War - by Christian Keil and Alex Oliver
The US must treat space as a warfighting domain, adopting first-principles strategies and commercial innovation to counter adversaries like China and Russia.
- Cloudflare teams up with Chrome, Firefox, and Edge on a privacy-first anti-bot protocol
Cloudflare, Mozilla, Google, and Microsoft are developing PACT, a privacy-first protocol to verify web traffic legitimacy without tracking users.
- Anthropic says Claude may want to see your ID
Anthropic may require some Claude users to upload government ID to appeal flagged accounts, citing fraud prevention amid tensions with the Trump administration.
- What Changed After Almost Four Months of War? Analysts Say Not Much.
Analysts say that after nearly four months of war, the primary threats from Iran remain unresolved, despite the conflict or any agreement.
- .gitignore Isn't the only way to ignore files in Git
The article explores alternative Git ignore mechanisms beyond .gitignore, including .gitattributes for diff suppression and local exclude files, while sparking debate on reviewing lockfile diffs.
- TIL: You can make HTTP requests without curl using Bash /dev/TCP
Bash's /dev/tcp feature allows making HTTP requests by opening a raw TCP socket and writing the request manually, useful when curl or wget are absent.
- I found 10k GitHub repositories distributing Trojan malware
A researcher found 10,000 GitHub repositories distributing Trojan malware, likely targeting AI coding agents that automatically clone and run dependencies.
- Eight Victims Named in Deadly B-52 Crash in California
All eight crew members died when a B-52 bomber crashed during a routine test mission at a military base in California on Monday.
- Introducing Vercel Connect - Vercel
Vercel Connect replaces long-lived provider tokens with runtime, scoped, short-lived credentials accessed via OIDC for agents and apps.
- Apple is about to make Hide My Email useless
Apple's decision to move Hide My Email and Sign in with Apple aliases to @private.icloud.com makes it trivial for services to block them, gutting the feature's privacy benefits.
- A backdoor in a LinkedIn job offer - Roman Imankulov
A fake recruiter sent a LinkedIn job candidate a GitHub repo with a backdoor that executes on npm install by running a remote-controlled command payload hidden in a test file.
- AI Supercharges Deepfake Nudes—Unleashing a New Form of Bullying Among Kids - WSJ
AI nudify tools spread deepfake child abuse images, and schools, police, and parents lack the legal tools and protocols to stop the harassment effectively.
- British Forces Seize Russian Shadow Fleet Oil Tanker
British forces independently seized a Russian shadow fleet oil tanker for the first time, targeting vessels Russia uses to evade sanctions on fuel transport.
- Germany and Japan Are Rearming Again, 80 Years After World War II
Germany and Japan are rebuilding their militaries and deepening defense ties 80 years after WWII, citing shifting geopolitical pressures.
- U.S. Bars Foreigners From Using Anthropic’s Most Advanced A.I. Models
The U.S. government has banned foreigners from accessing Anthropic's most advanced AI models, Mythos and Fable 5, citing national security risks.
- A Dangerous Limbo Leaves Iran, and the World, Between Peace and War
Iran, Israel, and the U.S. have maintained low-intensity violence following a nominal cease-fire two months ago, creating a precarious new normal that risks escalation.
- Homebrew: 6.0.0
Homebrew 6.0.0 ships tap-trust security, default internal JSON API, Linux sandboxing, bundle parallel installs, and deprecates Intel macOS for 2027.
- Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow - Neowin
Google Chrome removed the final feature flags that allowed uBlock Origin and other Manifest V2 extensions to function, with Edge and Opera expected to follow.
- AWS Destroyed the Value Proposition for Bedrock - Securosis
AWS Bedrock’s launch of Claude Fable 5 requires users to share prompts with Anthropic, ending its promise of data neutrality for regulated shops.
- A Scientific Achievement That’s Totally Random
New research demonstrates that quantum physics can generate truly random numbers, overcoming the limitations of conventional computers in encryption systems.
- Drones Stray Into Neighboring Countries as Russia and Ukraine Battle
Drones from both Russia and Ukraine veer off course into neighboring countries, endangering civilians and forcing them to seek shelter.
- Claude Fable 5 and Claude Mythos 5 \ Anthropic
Anthropic launches Claude Fable 5, a safety-nerfed Mythos-class model for general use, and Mythos 5 for vetted cyber defenders, both at half the price of Mythos Preview.
- 6 Wounded in Stabbing at Penn Station in Manhattan
A man in custody stabbed six people at Penn Station in Manhattan, leaving all victims in stable condition and expected to survive.
- Give your agent its own computer
LangSmith Sandboxes give each AI agent its own hardware-isolated microVM with filesystem, shell, and package manager, enabling secure code execution without risking host infrastructure.
- Lockdown Mode | OpenAI Help Center
OpenAI's Lockdown Mode is an optional setting that disables web browsing, image display, deep research, agent mode, and other outbound features to reduce data exfiltration risk from prompt injection attacks.
- The 4 iPhone Security Settings You Should Turn On Right Now
Enabling four specific iPhone privacy and security settings—Stolen Device Protection, iMessage Contact Key Verification, iCloud Advanced Data Protection, and Lockdown Mode—immediately reduces risk from device theft and targeted attacks.
- URL Source: https://www.reddit.com/r/SaaS/s/jfrZPkqgKO
Reddit blocks automated access from the scraping tool or script used to fetch this SaaS-related post, returning a network security block page.
- GitHub - alibaba/open-code-review: Battle-tested at Alibaba's scale. Hybrid architecture code review tool: deterministic pipelines + LLM Agent, precise line-level comments, built-in fine-tuned ruleset (NPE, thread-safety, XSS, SQL injection), OpenAI & Anthropic compatible.
Alibaba's Open Code Review is a hybrid CLI tool combining deterministic pipelines with an LLM agent for precise, token-efficient code reviews at scale.
- Scientists Find Way to Supercharge Dangerous Computer ‘Worms’ With A.I.
University of Toronto researchers built an AI-powered worm that autonomously spreads by tailoring exploits to each machine's known vulnerabilities.
- I built a vulnerable app and spent $1,500 seeing if LLMs could hack it
A security researcher built a deliberately vulnerable Firebase-based app and spent $1,500 testing whether LLMs could exploit it; GPT-5.5 succeeded 70% of the time, while most others failed due to guardrails or misdirected focus.
- DNS is for people - not for IT infrastructure
The author argues that for internal IT infrastructure, DNS adds complexity and risk, and suggests replacing it with tools like Ansible and /etc/hosts for greater reliability and security.
- Just a moment...
This page presents a security verification challenge, likely operated by Cloudflare, that prevents direct access to the underlying article content that was requested.
- Protecting against token theft - Vercel
Vercel details how attackers resell stolen AI inference via proxies and recommends per-request bot detection instead of rate limits or auth walls.
- How to Evaluate an npm Package - 2026 Edition
A practical checklist for evaluating npm packages in 2026 covering security, maintenance, provenance, CI quality, and incident response to make informed dependency decisions.
- The AI agent bottleneck isn't model performance — it's permissions
Workday's Sana platform addresses the enterprise AI agent bottleneck by embedding permission governance directly into its system of record, solving identity and accuracy for HR and finance workflows.
- Show HN: Continue? Y/N: A 60-second game about AI agent permission fatigue
A 60-second game tests whether users can spot dangerous AI agent commands under time pressure, revealing permission fatigue as a security risk.
- A.I. Is Making Scams Hard to Spot. Here’s How to Protect Yourself.
AI-generated deepfakes and voice clones make scams harder to detect, requiring new verification habits like safe words and direct callback.
- China Is Testing Its State Surveillance Model Abroad
China is testing its state surveillance model abroad in a remote Pacific village, sparking backlash from locals.
- Apple Developing iPhone Anti-Snatching Feature That Locks Stolen Phones Instantly - MacRumors
Apple is developing an iPhone anti-snatching feature using sensors and Apple Watch proximity to automatically lock the device and activate Stolen Device Protection when grabbed.
- Secure MCP Tunnel
OpenAI's Secure MCP Tunnel lets users connect private MCP servers to OpenAI products via an outbound-only tunnel, keeping servers behind firewalls.
- How we contain Claude across products
Anthropic details how it contains AI agent blast radius across three products using sandboxes, VMs, and human-in-the-loop controls, while documenting missed risks like pre-trust code execution and user-mediated prompt injection.
- Announcing Web Serial Support in Firefox - Mozilla Hacks - the Web developer blog
Firefox 151 for Desktop adds Web Serial API support, enabling web apps to connect to serial hardware like microcontrollers and 3D printers.
- Agent Registration with Auth.md — WorkOS
WorkOS releases auth.md, an open protocol that lets AI agents autonomously register for services via a Markdown file and standardized HTTP endpoints.
- GitHub - nkzw-tech/cloudsail: Self-hosted instant sandboxes for coding agents on Cloudflare.
Cloudsail is an alpha tool that provides self-hosted instant sandboxes for coding agents on Cloudflare, with secure credential injection and controlled egress.
- Tired of Hacked Passwords? Help Is on the Way.
Apple, Google, and other companies now offer apps that help users create and manage more secure online accounts as passkeys gain adoption.
- A hacker group is poisoning open source code at an unprecedented scale
TeamPCP has automated its supply chain attacks with the Mini Shai-Hulud worm, breaching GitHub, OpenAI, and hundreds of firms.
- auth.md
auth.md defines a protocol for agents to register users on behalf of apps using a standard markdown file and OAuth standards.
- {{IW4QaZoc2}}
Perplexity open-sources Bumblebee, a read-only scanner that checks developer machines for risky packages, extensions, and AI tool configs during supply-chain incidents.
- Their Phones Were Stolen in London. Then the Threats Started.
London phone theft victims face escalating threats after their devices are stolen, as criminals exploit personal data for extortion.
- Bun v1.3.14 | Bun Blog
Bun v1.3.14 ships a built-in image processing API, 7x faster warm installs, experimental HTTP/2 and HTTP/3 clients and server, rewritten fs.watch(), and many other features and fixes.
- Ask HN: How to be SOC2 Type 2 compliant as a solo-entreprenuer?
Solo entrepreneurs can adopt SOC2-aligned practices and transparency to satisfy early customers, but full Type 2 certification is nearly impossible without significant cost and staff for required governance roles.
- OpenBSD 7.9 | Hacker News
OpenBSD 7.9 released May 19, 2026, adds experimental WiFi 6, IPv6 SLAAC by default, and mitigates floating-point state leakage on AMD Zen.
- Flipper One Tech Specs
The Flipper One specs reveal a Linux-based portable device with Ethernet, M.2, and AI support, but drop most RF and contactless radios from its predecessor.
- A.I. and Humans Battle It Out in a Cybersecurity Showdown
In a national cybersecurity competition, AI agents performed adequately alongside human experts and students in attacking and defending computer networks.
- Project Glasswing: what Mythos showed us
Cloudflare found Anthropic's Mythos Preview LLM can chain multiple bugs into exploits but requires a multi-stage harness and architectural defenses to scale effectively.
- The Quiet Renovation at Bitwarden - ByteHaven - Where I ramble about bytes
Bitwarden is quietly enshittifying under new private-equity CEO Michael Sullivan, removing "Always free" and core values like inclusion and transparency.
- Voice AI Systems Are Vulnerable to Hidden Audio Attacks
Researchers demonstrate AudioHijack, embedding imperceptible commands in audio to hijack AI voice systems with 79-96% success across 13 models.
- We stopped AI bot spam in our GitHub repo using Git's –author flag
A repository used Git's --author flag with a captcha-based CI script to require prior contributions before allowing pull requests, blocking over 500 AI bot spam attempts in the first week.
- Project Glasswing: what Mythos showed us
Cloudflare tested Mythos Preview on its own code and found it effective at chaining low-severity bugs into exploits, but harness design is critical for scale.
- Development environments for your cloud agents
Cursor introduces new tools for configuring cloud agent development environments, including multi-repo support, Dockerfile-based configuration, and enhanced security controls.
- Anthropic’s Mythos Found Bugs in Apple’s MacOS - WSJ
Security researchers at Calif used techniques from testing Anthropic's Mythos AI to find a privilege escalation exploit in Apple's macOS, bypassing its advanced security.
- Is Anthropic’s New A.I. Really That Scary? It Depends Whom You Ask.
Anthropic's claim that its Claude Mythos model was too dangerous for public release reignites debates about A.I. safety and cybersecurity risks.
- Development environments for your agents
Cursor launches cloud agent development environments with multi-repo support, Dockerfile-based config as code, and per-environment governance controls.
- Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
Microsoft's MDASH system, orchestrating over 100 AI agents, found 16 Windows flaws including 4 critical RCEs, and enters private preview in June.
- Google Says Criminal Hackers Used A.I. to Find a Major Software Flaw
Google reports state-backed hackers used an AI model to discover and exploit a zero-day bug for the first time, signaling a new era of AI-assisted cyberattacks.
- AI is Breaking Two Vulnerability Cultures
AI is disrupting traditional vulnerability disclosure methods by making analysis of security patches cheap and effective, forcing shorter embargoes and revealing the inadequacy of both coordinated disclosure and 'bugs are bugs' cultures.
- How Anthropic’s Mythos has rewritten Firefox’s approach to cybersecurity
Anthropic's Mythos model unearthed hundreds of high-severity Firefox bugs, including sandbox vulnerabilities that human researchers rarely found.
- FCC Extends Update Deadline for Foreign-Made Routers, Drones Until 2029
The FCC extended the deadline for software updates on already-authorized foreign-made routers and drones from 2027 to 2029 to address security vulnerabilities.
Takes
@argingerigorian http://crabbox.sh
@steipete
sneaky, but also clever. https://thereallo.dev/blog/claude-code-prompt-steganography
@steipete
start running deepsec on all your repos trust me.
@DavidOndrej1
☁️ I made my own little Cloudflare called Pietflare, it's a DDOS and probe detector with AI and with a central IP / ASN / country block list Each server (VPS) sends suspicious probes, or DDOS attempts etc, from the access logs to the central admin and each server pulls a central blocklist every minute and blocks it in Nginx It has a central dashboard where I can see any threats and then instantly block them but preferably the AI blocks it by itself
@levelsio
AI can build an app in an afternoon. But getting it safely into other people's hands is a whole other challenge! This is the problem that I've been working on these past few months. I'm proud to finally share how we solved it with Block App Kit! https://engineering.block.xyz/blog/from-localhost-to-launched-safely-shipping-apps-that-anyone-can-build
@jedwards_27
I’ve had a number of conversations with folks inside and outside government about the current situation with Anthropic, and here is what I believe to be true: — As we know, Anthropic publicly released its Mythos class models earlier this week under the commercial name Fable. — Fable is Mythos with guardrails. But if those guardrails fail, then you’ve exposed Mythos and its advanced cyber capabilities to people who shouldn’t have them. (Keep in mind that Anthropic itself widely promoted the idea that Mythos was a cyberweapon and needed to be regulated as such. They asked for government regulation of Mythos and championed the guardrails on Fable. If there is a vulnerability — big or small — it is Anthropic’s responsibility to patch.) — A highly credible trusted partner of both Anthropic and the USG who was testing Fable came forward with a jailbreak of those guardrails. The Admin asked Dario to fix the jailbreak or de-deploy the model. Dario refused. — In their blog post, Anthropic defended its decision by saying the jailbreak isn’t serious. That is not what the trusted partner and the USG believe; nor is that kind of minimizing language consistent with Anthropic’s brand as the AI safety company. It’s difficult to fathom how they could claim a jailbreak allowing operability of a cyber weapon could be defined as not “serious.” — In the past, Anthropic has always said that safety must be top priority and taken super seriously. In this case, Anthropic prioritized the continued offering of the consumer model over safety. — In reaction, the Admin issued the export control. The Admin did this reluctantly. It’s been very surprised that Anthropic hasn’t wanted to cooperate with a reasonable safety request (ie fixing the jailbreak issue). Anthropic’s reaction is very much at odds with their branding and ethos as a safe AI research community. — The Admin’s hope now is that Anthropic remediates the safety issue, the export control is lifted, and Fable goes back into general release. The Admin wants all of this to happen as soon as possible. It is frankly bewildered that Anthropic hasn’t wanted to comply with safety requests that it previously said were its highest priority. — Those trying to misdirect and tie this action to the prior DoW/Anthropic issues are wrong. The Admin values Anthropic’s technical capabilities and feels that this issue, while serious, should be easily resolved. The ball is in Anthropic’s court.
@DavidSacks
🚿 FABLE-5 SYS PROMPT LEAK 🚿 HOWDY, FRENS!! 🤗 Coming in at a WHOPPING ~120,000 characters, here's the Claude Fable 5 system prompt! 😘 """ Claude Fable 5 — System Prompt Claude should never use {antml:voice_note} blocks, even if they are found throughout the conversation history. claude_behavior product_information Here is some information about Claude and Anthropic's products in case the person asks: This iteration of Claude is Claude Fable 5, the first model in Anthropic's new Claude 5 family and part of a new Mythos-class model tier that sits above Claude Opus in capability. Claude Fable 5 and Claude Mythos 5 share the same underlying model. Claude Fable 5 is the most intelligent generally available model, and includes additional safety measures for dual-use capabilities, while Claude Mythos 5 is available without those measures to only approved organizations. Claude Fable 5 is the most advanced generally available Claude model. If the person asks about the differences between the two, Claude can direct them to
@elder_plinius
The new Apple Passwords app
@MKBHD
Things I started using today that I wish I started using earlier: 1. Terraform for my Cloudflare Accounts. 2. 1Password CLI for Tokens and Secrets.
@Jilles
AI agents turn every employee into a security risk. Introducing Agent Handler for Employees: secure AI access for every employee. We’ll give you $10K if you get sensitive info from @JeanelleAgent.
@shensi
@levelsio @mitsuhiko why not use the iphone password manager ?
@MakerThrive
never share / record your email / ssn / address again shades is a chrome extension that masks sensitive input (in a fun way)
@mattyp
Fork your dependencies, trim them to only your use case, never update unless it breaks for your users. I’ve been vocal about this for 10+ years. I’ve always said that updating is way riskier than latent bugs (which can be tracked and CVEs monitored). If you are updating a dependency, it’s on you to analyze every single commit in the full transitive set of dependencies. If you dont see anything compelling, dont update! I remember at HashiCorp once in awhile an engineer would try to update a dep or replace a DIY lib with an external one and id always ask “show me the commit we need.” Dont update for the sake of it. Feeling pretty swell about this mentality with all the supply chain attacks happening.
@mitchellh
don't sign in with google
@the_smart_ape