Inside PostHog: SSRF, ClickHouse SQL Escape and Default Postgres Creds to RCE

https://mdisec.com/inside-posthog-how-ssrf-a-clickhouse-sql-escaping-0day-and-default-postgresql-credentials-formed-an-rce-chain-zdi-25-099-zdi-25-097-zdi-25-096/
38•arwt•1h ago

Comments

taw_1265•1h ago
PostHog does a lot of vibe coding, I wonder how many other issues they have.
Nextgrid•1h ago
Not that I’m disproving it but do you have a source? Companies say all kinds of things for hype and to attract investors, but it doesn’t necessarily make it true.
matmuls•34m ago
Looking at their commits, there are about 300+ commits tagged with "Generated with https://claude.com/claude-code" attribution.
dewey•29m ago
Just because AI tools are involved doesn't mean it's "Vibe coding".
thenaturalist•59m ago
Wow, chapeau to the author.

What an elegant, interesting read.

What I don't quite understand: Why is the ClickHouse bug not given more scrutiny?

Like that escape bug was what made the RCE possible and certainly a core DB company like ClickHouse should be held accountable for such an oversight?

matmuls•38m ago
SSRF was the entry point, and ClickHouse is supposed to be an internal-only service, but one could reach it only with that SSRF, so hence less of "scrutiny". The 0day by itself wouldn't be useful unless an attacker can reach ClickHouse, which they usually can't.
thenaturalist•9m ago
But if they do, prohibiting SQL injection, a critical last mile vulnerability, seems trivial?
lkt•31m ago
Out of interest, how much does ZDI pay for a bug like this?
