Ask HN: Who else got pwned by the Next.js RCE?

8•whycombinetor•14h ago
I'm a little embarrassed, but not sure what I could have done differently other than reading the Saturday email from GCP with the nondescript subject "New Advisory Notification". Ten hours later, GCP instance suspended due to crypto mining. Now looking at the disk image, it installed something at ~/nxt/, installed a monero miner at ~/c3pool/, and added several systemctl services to run these on startup. BRB, killing this machine with fire... This makes me think I should be running everything in Docker, even simple small stuff that "shouldn't" have any potential security issues.

Fortunately this machine wasn't anything important for me and there was no sensitive data to exfil beyond AI API keys. But I imagine there are other orgs that just got catastrophically, irrecoverably pwned.

What's your story?

(RCE context: https://news.ycombinator.com/item?id=46136026)

Comments

samdoesnothing•12h ago
I'm sure a lot of people and companies got pwned and they aren't going to disclose it. There are Chrome extensions that passively poll sites for the vulnerability, and since the vulnerability is so simple to exploit and leaves virtually no trace...

My gut feeling is that we are going to be feeling the consequences of the simultaneous enshittification of software, the mounting complexity of our systems, and AI enslopification combining to create far more vulnerabilities in the future. The only defence is to adopt simple systems and software.

yellow_lead•7h ago
I don't use Next.js but I'm curious as well. My impression was that most people run it under Vercel who patches quickly, but maybe that's not the case.