frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Ask HN: What's the Future of Arc Browser

1•x0054•21s ago•0 comments

Atlas Eon 100 first scalable, permanent, DNA-based data storage service

https://www.atlasds.com/
1•bsdz•33s ago•0 comments

Weather radars used to count flying insects in the skies over the US

https://www.swissinfo.ch/eng/various/weather-radar-to-count-flying-insects/90603742
1•giuliomagnifico•36s ago•0 comments

Designed for Exploitation

https://josebriones.substack.com/p/designed-for-exploitation
1•toomuchtodo•1m ago•0 comments

Get Ready, America: Here Come China's Food and Drink Chains

https://www.nytimes.com/2025/12/01/business/china-restaurants-america.html
1•bookofjoe•3m ago•1 comments

An Oracle: Of Fate and Adjuncting

https://therepublicofletters.substack.com/p/an-oracle
1•everybodyknows•4m ago•0 comments

Can Git back a REST API? (Part 1 – the naive approach)

https://thefridaydeploy.substack.com/p/can-git-back-a-rest-api-part-1-the
1•telliott1984•5m ago•0 comments

Overmatched: Why the US Military Needs to Reinvent Itself

https://www.nytimes.com/interactive/2025/12/08/opinion/us-china-taiwan-military.html
3•fprog•7m ago•0 comments

Show HN: Diesel-guard – Lint Diesel migrations for unsafe PostgreSQL patterns

https://github.com/ayarotsky/diesel-guard
1•ayarotsky•7m ago•0 comments

Show HN: Rust/Python package to render Font Awesome icons to images fast/HQ

https://github.com/minimaxir/icon-to-image
1•minimaxir•8m ago•0 comments

Show HN: YOLO Corp – LeetCode × real-world prod × text adventure × The Office

https://yolocorp.dev
1•err0r500•9m ago•0 comments

Show HN: Autoschematic is a Rust-y ops layer that works with existing infra [video]

https://www.youtube.com/watch?v=Jd6e6YKZm0E
1•pfnsec•11m ago•0 comments

Taildrop · Tailscale Docs

https://tailscale.com/kb/1106/taildrop
2•tambourine_man•12m ago•0 comments

Startup built a Fitbit for your brain to combat chronic stress

https://techcrunch.com/2025/12/05/this-startup-built-a-fitbit-for-your-brain-to-combat-chronic-st...
2•fcpguru•13m ago•2 comments

Growing transgenic plants in weeks instead of months

https://phys.org/news/2025-11-transgenic-weeks-months-hijacking-natural.html
3•PaulHoule•14m ago•0 comments

Launch HN: Nia (YC S25) – Give better context to coding agents

https://www.trynia.ai/
4•jellyotsiro•15m ago•0 comments

The U.S. Gave Mexico a List of Russian Spies. Mexico Let Them Stay

https://www.nytimes.com/2025/12/08/world/americas/mexico-russia-spies.html
3•vinni2•15m ago•0 comments

RIP Tetsu Yamauchi (Former Free and Faces Bassist)

https://www.loudersound.com/bands-artists/former-free-and-faces-bassist-tetsu-yamauchi-dead-at-79
2•pauseandplay•17m ago•1 comments

A Compelling Articulation of Forth's Practical Strengths and Eternal Usefulness

https://im-just-lee.ing/forth-why-cb234c03.txt
1•fallat•17m ago•0 comments

Putting Claude in Container Jail: My Localdev Setup

https://blog.herlein.com/post/localdev-container-jail/
2•speckx•17m ago•0 comments

Synt-E

https://github.com/NeuroTinkerLab/synt-e-project
1•NeuroTinkerLab•18m ago•1 comments

A Pre-Built A2A Agent Executor for the OpenAI Agents JavaScript SDK

https://github.com/a2anet/a2anet-js
1•benclarkeio•18m ago•0 comments

Show HN: Kill Your Low-ROI Projects

https://www.vector-amp.com
1•xZA•20m ago•0 comments

Show HN: I built an AI copilot for SEO

https://www.seoblab.com
1•adamclarke•21m ago•0 comments

Show HN: PyAtlas - Interactive map of the 10,000 most popular PyPI packages

https://pyatlas.io/
1•flo12392•23m ago•0 comments

Wash Post: "Trump's Attack on DEI May Hurt College Men, Particularly White Men"

https://reason.com/volokh/2025/12/08/washington-post-trumps-attack-on-dei-may-hurt-college-men-pa...
5•crackercrews•23m ago•4 comments

Do These AI-Generated Food Images Look Appetizing to You?

https://sf.eater.com/restaurant-news/210033/forkable-ai-generated-food-photos-catering
1•bobbiechen•23m ago•0 comments

Microsoft has a problem: nobody wants to buy or use its shoddy AI products

https://www.windowscentral.com/artificial-intelligence/microsoft-has-a-problem-nobody-wants-to-bu...
63•mohi-kalantari•31m ago•27 comments

Lyria Camera: Soundtrack your life

https://magenta.withgoogle.com/lyria-camera-announce
1•xnx•31m ago•0 comments

Building Communities of Practice That Amplify Learning Across Organisations

https://emilywebber.co.uk/building-communities-of-practice-that-amplify-the-flow-of-learning-acro...
1•mooreds•32m ago•0 comments
Open in hackernews

Google Confirms Android Attacks-No Fix for Most Samsung Users

https://www.forbes.com/sites/zakdoffman/2025/12/08/google-confirms-android-attacks-no-fix-for-most-samsung-users/
17•mohi-kalantari•52m ago

Comments

Squeeze2664•31m ago
Is GrapheneOS affected?
jackwilsdon•6m ago
From what I can tell, if you're running the latest security preview release[1] then it's already fixed: https://grapheneos.org/releases#2025120400

https://discuss.grapheneos.org/d/27068-grapheneos-security-p...

purplehat_•19m ago
The Forbes link unfortunately doesn't say much about how it works. This link does a little better:

https://github.com/Ashwesker/Blackash-CVE-2025-48633

The text there:

                  ┌──────────────────────────┐
                  │   Attacker (C2 Server)   │
                  └────────┬─────────────────┘
                           │ 1. Delivers malicious APK
                           │    (phishing, fake app store, drive-by)
                           ▼
  ┌─────────────────────────────────────────────────────┐
  │                Victim's Android 15 Phone            │
  │  (Security patch < 2025-12-01 → still vulnerable)   │
  └─────────────────────────────────────────────────────┘
                           │
            ┌──────────────┴──────────────┐
            ▼                             ▼
     User installs & opens       Malicious app runs in background
     "Fake Game / Tool" APK      (no permissions needed for this CVE)
            │
            │ 2. App triggers vulnerable Framework API
            │    (crafted Intent / Binder transaction)
            ▼
     ┌───────────────────────────────────┐
     │   Android Framework (buggy)       │
     │   code in Parcel/Binder handling) │
     └───────────────────────────────────┘
            │
            │ 3. Information Disclosure occurs
            │    → Sensitive data leaked without user interaction
            ▼
     Leaked data examples:
     • Device ID / IMEI
     • Installed app list
     • Account tokens
     • Contacts / SMS snippets
     • Clipboard content
     • Location history fragments
            │
            │ 4. Data silently sent back
            ▼
     ┌───────────────────────────────────┐
     │   Attacker receives stolen data   │
     → Can be sold, used for             │
     └───────────────────────────────────┘        spying, or chained with
                                             other exploits (e.g. CVE-2025-48572)
pogue•11m ago
So it sounds like if you don't sideload apps you would not be at risk, correct?
domoregood•16m ago
https://archive.is/krzUC
xnx•16m ago
No fix yet for Samsung. Being reliant on the hardware manufacturer (or network operator?) for OS updates is the crazy world we live in.
ChocolateGod•4m ago
[delayed]
baal80spam•12m ago
This requires user action, right? User needs to install the APK by hand? In other words - if I don't install any crap on my phone I am safe?
rew0rk•10m ago
While the information leakage/disclosure is a big issue, It feels like its still a big jump to get users to install off-Play Store APKs?