

Email bombs exploit lax authentication in Zendesk

https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/
69•todsacerdoti•3mo ago

Comments

dboreham•3mo ago
Ah. This explains a bunch of odd emails I received all at the same time last week.
Volundr•3mo ago
Yeah I got enough of these from discord, that I emailed their abuse@ and put in a support ticket, but they ignored me. Nice to have it confirmed. I ended up doing a password rotation on the off chance it was me.
whatamidoingyo•3mo ago
Yeah, I got like 50 from bugcrowd. I figured someone found a bug somewhere, lol.
Ekaros•3mo ago
I was kinda confused why I got one from a company that really doesn't even operate here and what was the vector with it...
ianhawes•3mo ago
Brian Krebs is a saint for being the perennial punching bag and target of cybercriminals but continuing to publish important information independently.
bombcar•3mo ago
You know, combining "bomb" with LAX makes me think really different things for awhile until my parser finally woke up ...
fckgw•3mo ago
If you start getting email bombed out of nowhere, being signed up for hundreds of newsletters or other email notifications, take a quick look at your credit card statements for any unknown purchases. Email bombs are often used by card thieves to hide legitimate purchase notification emails from retailers when they use your stolen creds.
OptionOfT•3mo ago
Another reason to actually get your credit card statement via snail-mail.

I understand it is wasteful, but I go on an evening walk and pick up the mail.

The effort for me to pick up the mail and read my credit card statement is actually quite nice.

It doesn't require you to sign in, and search my house for my phone or my YubiKey, it doesn't prompt me for other credit card offers, doesn't require me to download a PDF reader.

mcast•3mo ago
Better yet, set up transaction alerts on all your credit cards, and use a budgeting app like Monarch/YNAB to review all your household transactions each month or receive weekly email summaries.
YeBanKo•3mo ago
> Monarch/YNAB

Yeah, right. Let some third-party app collect all your info in their secure cloud. Do you also give Monarch login to your bank account?

PhilippGille•3mo ago
Outbank is an option that runs locally but still connects to banks to fetch transactions: https://outbankapp.com/
tlonny•3mo ago
Also check airline miles haven’t gone missing.

A friend of mine recently had his BA account compromised, all his Avios stolen and he was none the wiser after receiving about 60 emails a minute

bgc•3mo ago
Another fun Zendesk “feature,” that, to my knowledge, has never been fixed is if you CC it on a thread with any other email address that auto-replies, it will get stuck in a loop and ping-pong emails back and forth until the mailbox fills up.
vachina•3mo ago
This attack is called email amplification. Any open form that triggers email sending is vulnerable. Fortunately these bots are pretty basic in my experience, putting a captcha (or anything unexpected) in front is enough to stop these bots.
jtokoph•3mo ago
Unless I missed it, the article doesn’t explain how this works. It seems like the spammer sends an email to support@somecompany.com but spoofs the From address to be the target of the spam. The Zendesk ticket system then sends the auto reply to the spoofed From address
ssalmon•3mo ago
This doesn't surprise me since Zendesk uses the same DKIM key for all customers. I have multiple domains that I support and they all point to the same CNAME record.
mobeigi•3mo ago
This spam campaign drove me nuts! I received so many of these emails from so many random companies.

The key takeaway is to always have an email verification loop (or something stronger like phone verification) when using an anonymous user feature. You need to prove you own an email address before you use it.
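
An added illustration of the defensive side of this thread (not code from any commenter, Zendesk, or the linked article): a ticket-intake gate that auto-replies only when the From domain passed DMARC, and otherwise holds the ticket and sends at most one signed confirmation link per address per window. The authserv-id, secret, window and action names are assumptions made for the example.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

SECRET = b"constructed-demo-key"          # assumption: per-deployment secret
TRUSTED_AUTHSERV = "mx.helpdesk.example"  # assumption: authserv-id of our own border MTA
WINDOW = 3600                             # assumption: one confirmation per address per hour
_last_sent = {}                           # address -> time the last confirmation was sent

def dmarc_passed(msg):
    """Trust only results stamped by our own MTA; forged copies must be stripped at the border."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV and "dmarc=pass" in results.lower():
            return True
    return False

def make_token(address, now):
    mac = hmac.new(SECRET, f"{address}|{int(now)}".encode(), hashlib.sha256).hexdigest()
    return f"{int(now)}.{mac}"

def verify_token(address, token, now, max_age=86400):
    issued, _, mac = token.partition(".")
    if not issued.isdecimal() or now - int(issued) > max_age:
        return False
    expected = hmac.new(SECRET, f"{address}|{issued}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac.encode(), expected.encode())

def handle_inbound(raw, now):
    """Decide what the helpdesk may send in response to one inbound mail."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender:
        return ("drop", None)
    if dmarc_passed(msg):
        return ("open_ticket_and_autoreply", sender)
    last = _last_sent.get(sender)
    if last is not None and now - last < WINDOW:
        return ("hold_silently", sender)   # no second mail to the same address
    _last_sent[sender] = now
    return ("hold_and_send_confirmation", make_token(sender, now))

# Constructed sample: the From header names the victim, so DMARC fails.
SPOOFED = ("From: Victim <victim@example.org>\nTo: support@helpdesk.example\n"
           "Authentication-Results: mx.helpdesk.example; spf=fail; dmarc=fail\n"
           "Subject: constructed sample\n\nbody\n")
```

The confirmation mail is itself a message to the unverified address, which is why the gate caps it per recipient instead of sending one per inbound ticket.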