High-Severity Vulnerability in Notepad++

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-063
39•onlinenotepad•7mo ago

Comments

reanimus•7mo ago
Headline is a little misleading imo -- the vulnerability isn't in Notepad++ itself as much as its installer. Current users, I imagine, don't have anything to worry about.
notepad0x90•7mo ago
Unless the updater also runs the installer, then you just drop your malicious dll in the right place and wait for an update, or find a way to force-trigger an update.

Attackers can also use the notepad installer as a payload execution mechanism. To run your malware, just get older notepad++ installers and drop your dll after the installer is running to run it as SYSTEM.

delfinom•7mo ago
Meh, there's plenty of Microsoft services on a system that fall for the same trick. If an attacker has PC access, it's game over anyway.
notepad0x90•7mo ago
For a non-admin user to get admin or system, that's a proper CVE. For an admin user behind UAC though, UAC bypasses aren't considered bypassing of a security boundary so no CVE there.
gertlex•7mo ago
Looks like it's a vulnerability in the installer.

From a small bit of skimming, sounds like it's a user escalation vector, where a low privileged user can run the installer in a contrived manner to achieve privilege escalation.

https://github.com/notepad-plus-plus/notepad-plus-plus/secur...

So for my personal install, nothing to worry about here...

retox•7mo ago
If the problem is in the installer then this can't be 'fixed', affected installers should be fingerprinted as malware.
gertlex•7mo ago
I had that thought of "existing installers are sus..." but didn't connect to "fingerprinting it as malware". Makes sense.

Couple questions as savvy tech person but not working day-to-day in security/IT:

Would a regular home user with an old installer in their Downloads folder need to worry? (is a bad download file going to target looking for these old installers, then moving files around, etc?)

On the other hand, I could see corporate IT having the stronger case of proactively wanting to flag this installer if present on their systems.

notepad0x90•7mo ago
I wanted to say the installer has no business running things as SYSTEM but I suppose there is no way around that for registering COM DLLs. I would think attackers would need to chain this with a UAC bypass (or be fortunate enough to find UAC disabled). If UAC is set up right, administrative operations like regsvr32 should require going through consent.exe's prompt. UAC bypasses are plenty but systems can be configured to mitigate them (at least the ones I know of). Social engineering is also another good way to bypass UAC.
maskull•7mo ago
This is something that wouldn't be covered by registration free COM?
notepad0x90•7mo ago
tbh, I have no idea. I know that is possible for .NET stuff but I don't know if there are downsides when you don't register it.
Stagnant•7mo ago
Video of a POC: https://drive.google.com/drive/folders/11yeUSWgqHvt4Bz5jO3il...
x______________•7mo ago
Thanks for sharing!