Our AI code reviewer found a CVSS 10.0 authentication bypass in pac4j-JWT

https://www.codeant.ai/security-research/pac4j-jwt-authentication-bypass-public-key
1•Amartya_jha•2h ago

Comments

Amartya_jha•2h ago
Author here. We built CodeAnt AI, an AI code reviewer that analyzes code the way a security researcher would, reasoning about what specs allow vs what code assumes. It flagged a logic gap in pac4j-jwt: a PlainJWT wrapped inside a JWE bypasses all signature verification. CVE-2026-29000, CVSS 10.0 published, full auth bypass as any user including admin. The only input required is the server's RSA public key, the one that's publicly available by design.

Patches shipped across three major version lines in two business days. Kudos to the maintainer Jérôme Leleu for exceptional handling, and patching it in 48 hours.

Full PoC in the writeup. Happy to answer technical questions.
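
An added example, not taken from the comment above, the linked writeup, or pac4j's code: a fail-closed check for the token found inside a JWE after decryption, which returns claims only when that nested token is a JWS with an allowlisted algorithm and a valid signature. HS256, the demo key, the function names and the sample tokens are assumptions constructed so the block runs with the standard library alone; the JWE decryption step is assumed to have already happened.

```python
import base64
import hashlib
import hmac
import json

ALLOWED_ALGS = {"HS256"}  # assumption: demo allowlist, not pac4j configuration

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(header, claims, key=None):
    """Build a constructed sample token; signed with HMAC-SHA256 when key is given."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part).encode()) for part in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest() if key else b""
    return signing_input + "." + b64url_encode(sig)

def accept_nested_token(decrypted, key):
    """Return the claims only if the decrypted JWE payload is a validly signed JWS."""
    parts = decrypted.split(".")
    if len(parts) != 3:
        raise ValueError("nested token is not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    alg = header.get("alg") if isinstance(header, dict) else None
    # Fail closed: an unsecured JWT (alg "none", empty signature) is never trusted,
    # even though it arrived inside a correctly encrypted JWE.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS or not parts[2]:
        raise ValueError("nested token is not signed with an allowed algorithm")
    expected = hmac.new(key, (parts[0] + "." + parts[1]).encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("signature verification failed")
    return json.loads(b64url_decode(parts[1]))

# Constructed sample inputs (not real tokens).
KEY = b"constructed-demo-key"
SIGNED = make_token({"alg": "HS256", "typ": "JWT"}, {"sub": "alice"}, KEY)
UNSECURED = make_token({"alg": "none"}, {"sub": "admin"})

if __name__ == "__main__":
    print(accept_nested_token(SIGNED, KEY))
    try:
        accept_nested_token(UNSECURED, KEY)
    except ValueError as err:
        print("rejected:", err)
```
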
