frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Portuguese icon (FROM A CAN) makes a simple meal (Canned Fish Files) [video]

https://www.youtube.com/watch?v=e9FUdOfp8ME
1•zeristor•23s ago•0 comments

Brookhaven Lab's RHIC Concludes 25-Year Run with Final Collisions

https://www.hpcwire.com/off-the-wire/brookhaven-labs-rhic-concludes-25-year-run-with-final-collis...
1•gnufx•2m ago•0 comments

Transcribe your aunts post cards with Gemini 3 Pro

https://leserli.ch/ocr/
1•nielstron•6m ago•0 comments

.72% Variance Lance

1•mav5431•7m ago•0 comments

ReKindle – web-based operating system designed specifically for E-ink devices

https://rekindle.ink
1•JSLegendDev•9m ago•0 comments

Encrypt It

https://encryptitalready.org/
1•u1hcw9nx•9m ago•1 comments

NextMatch – 5-minute video speed dating to reduce ghosting

https://nextmatchdating.netlify.app/
1•Halinani8•10m ago•1 comments

Personalizing esketamine treatment in TRD and TRBD

https://www.frontiersin.org/articles/10.3389/fpsyt.2025.1736114
1•PaulHoule•11m ago•0 comments

SpaceKit.xyz – a browser‑native VM for decentralized compute

https://spacekit.xyz
1•astorrivera•12m ago•1 comments

NotebookLM: The AI that only learns from you

https://byandrev.dev/en/blog/what-is-notebooklm
1•byandrev•12m ago•1 comments

Show HN: An open-source starter kit for developing with Postgres and ClickHouse

https://github.com/ClickHouse/postgres-clickhouse-stack
1•saisrirampur•12m ago•0 comments

Game Boy Advance d-pad capacitor measurements

https://gekkio.fi/blog/2026/game-boy-advance-d-pad-capacitor-measurements/
1•todsacerdoti•13m ago•0 comments

South Korean crypto firm accidentally sends $44B in bitcoins to users

https://www.reuters.com/world/asia-pacific/crypto-firm-accidentally-sends-44-billion-bitcoins-use...
2•layer8•14m ago•0 comments

Apache Poison Fountain

https://gist.github.com/jwakely/a511a5cab5eb36d088ecd1659fcee1d5
1•atomic128•15m ago•2 comments

Web.whatsapp.com appears to be having issues syncing and sending messages

http://web.whatsapp.com
1•sabujp•16m ago•2 comments

Google in Your Terminal

https://gogcli.sh/
1•johlo•17m ago•0 comments

Shannon: Claude Code for Pen Testing: #1 on Github today

https://github.com/KeygraphHQ/shannon
1•hendler•17m ago•0 comments

Anthropic: Latest Claude model finds more than 500 vulnerabilities

https://www.scworld.com/news/anthropic-latest-claude-model-finds-more-than-500-vulnerabilities
2•Bender•22m ago•0 comments

Brooklyn cemetery plans human composting option, stirring interest and debate

https://www.cbsnews.com/newyork/news/brooklyn-green-wood-cemetery-human-composting/
1•geox•22m ago•0 comments

Why the 'Strivers' Are Right

https://greyenlightenment.com/2026/02/03/the-strivers-were-right-all-along/
1•paulpauper•24m ago•0 comments

Brain Dumps as a Literary Form

https://davegriffith.substack.com/p/brain-dumps-as-a-literary-form
1•gmays•24m ago•0 comments

Agentic Coding and the Problem of Oracles

https://epkconsulting.substack.com/p/agentic-coding-and-the-problem-of
1•qingsworkshop•24m ago•0 comments

Malicious packages for dYdX cryptocurrency exchange empties user wallets

https://arstechnica.com/security/2026/02/malicious-packages-for-dydx-cryptocurrency-exchange-empt...
1•Bender•25m ago•0 comments

Show HN: I built a <400ms latency voice agent that runs on a 4gb vram GTX 1650"

https://github.com/pheonix-delta/axiom-voice-agent
1•shubham-coder•25m ago•0 comments

Penisgate erupts at Olympics; scandal exposes risks of bulking your bulge

https://arstechnica.com/health/2026/02/penisgate-erupts-at-olympics-scandal-exposes-risks-of-bulk...
4•Bender•26m ago•0 comments

Arcan Explained: A browser for different webs

https://arcan-fe.com/2026/01/26/arcan-explained-a-browser-for-different-webs/
1•fanf2•27m ago•0 comments

What did we learn from the AI Village in 2025?

https://theaidigest.org/village/blog/what-we-learned-2025
1•mrkO99•28m ago•0 comments

An open replacement for the IBM 3174 Establishment Controller

https://github.com/lowobservable/oec
1•bri3d•30m ago•0 comments

The P in PGP isn't for pain: encrypting emails in the browser

https://ckardaris.github.io/blog/2026/02/07/encrypted-email.html
2•ckardaris•32m ago•0 comments

Show HN: Mirror Parliament where users vote on top of politicians and draft laws

https://github.com/fokdelafons/lustra
1•fokdelafons•33m ago•1 comments
Open in hackernews

Reports of Gmail security issue are inaccurate

https://blog.google/products/workspace/gmail-security-protections/
44•pentagrama•5mo ago

Comments

spectraldrift•5mo ago
It's wild how quickly this rumor spread across major news sources, and yet I was unable to find a primary source at all. I wonder how this started.
greatgib•5mo ago
I was also confused. Thinking that it was a rumor, like the usual dump of credentials found in internet.

But no, Google had a major leak due to a lack of security on their side. And I have a strong suspicion that they released conflicting info over the past week in order to be fuzzy enough to defuse the blame. The "nothing to see there" while at the same time covering their ass by being able to say that they were transparent about it.

Here is a summary about what happened: https://news.trendmicro.com/2025/08/26/google-data-breach-gm...

There was also an official post in Google blog about that, that conveniently is not easy anymore to find un Google search despite using all the right keywords...

So Google is using Salesforce to manage their Google ad leads and the database of their salesforces instances was breached. And despite the database not holding the passwords or credentials to your account, they have all the details about you, and your interactions with Google if you ever interacted with google ads. Like a few million persons.

And using that, it looks like hackers were able to craft more convincing than real emails looking like coming from Google, to scam people and still their credentials this time.

trod1234•5mo ago
Rumor-mongering is primarily what the Chinese PLC and other state apparatus on their side does these days; at least much of the public facing after-math, its called irregular warfare or 5GW.

While I'm not familiar with the specific of this particular incident the fact I mention must always be considered.They are quite good at what they do.

For a bit of background checkout the Mandiant ORB Networks talk.

creatonez•5mo ago
No, random unsubstantiated conspiracy theories must not "always be considered". Especially when, per your own admission, you don't know any of the details
immibis•5mo ago
If China is trying to take down Google and it's working, I say good.
usr1106•5mo ago
Completely useless corporate speech. The whole text contains zero more information than the headline. I would have expected at least some information what are the false claims.
paulddraper•5mo ago
> Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false.
RandomBacon•5mo ago
> Several inaccurate claims surfaced recently

>> So did some accurate claims, but we won't talk about those.

> we issued a broad warning to all Gmail users

>> we issued a narrow warning to some Gmail users

> a major Gmail security issue

>> we consider it a minor issue

> This is entirely false.

>> So technically we're correct!

paulddraper•5mo ago
Hm, I would take big issue with "This is entirely false."

That means there is no kernel of truth.

RandomBacon•5mo ago
Yep.

I'm curious, do people think I was supporting Google or something with my above comment? Should I have italicized instead of >>?

paulddraper•5mo ago
No idea, HN is pretty random.
zaptheimpaler•5mo ago
Don't know what the news says, but today morning I got a call from a "James Wilson" claiming to be from Google. He knew my email address (and phone number obviously) and told me that someone was attempting to change my phone number. He wanted to do a security authorization or something where I guess I would have been asked to divulge more information about my account.

When I asked him to prove he was from Google, he didn't seem fazed at all and said he would send me an email from a google.com email to prove it, and gave me his name and "employee ID". We kept talking and he said the email should show up and it was sent from his side, but the email never came. I then said I'd call google support and ask to speak with him instead - he was still unfazed. I did call Google support (im on Google One for Gemini access so luckily I actually have access to a phone number I can call), and they said it was likely a phishing attempt. I did suspect scam from the start, but it did seem a tad more professional and polished than the usual scams - the person really sounded professional, good voice quality, there wasn't a whole lot of noise in the background, they weren't fazed by my attempts at verification and just tried to dodge them hoping I wouldn't notice instead, they didn't try any pressure/urgency tactics like scammers often do.

So this news is real.. as far as I can tell they were able to connect my email address to my phone number via a leak from Google. They were trying to escalate that into further access.

conception•5mo ago
You’ve never hit a breach from https://haveibeenpwned.com before that included your email and phone number?
zaptheimpaler•5mo ago
I checked and I have a year+ ago, I just thought the timing is pretty coincidental to be the same day Google posts this. The recent breach is real, and oddly the scammers have an incentive to spread the news further because it actually supports their story when calling a victim.
shaftway•5mo ago
I was able to break through the scam veneer on one of these calls. It was remarkably professional up until I outright called him out and told him how I knew it was a scam (the email "from Google" didn't have the right headers, he missed a bit of the terminology, didn't recognize a term, and the caller ID number was listed as being used for this scam).

I asked where he got my information, and he claimed he pulled it from Github and cross-referenced it with a large public dump.

evulhotdog•5mo ago
I think it’s a lot likelier that some other company which has both your phone and email was breached, and conveniently the domain in your email tells them who you use as your email provider, which they can then pose as.
delfinom•5mo ago
>While it’s always the case that phishers are looking for ways to infiltrate inboxes, our protections continue to block more than 99.9% of phishing and malware attempts from reaching users.

Let's see, things that bypass the filters:

1. Using <yourgmailaddressfirstpart>@google.com which causes a mail delivery error bot bounce to @gmail.com with the spam/malware content

2. Using thousands of bot created gmail.com accounts because the gmail domain has immediate reputation within gmail