frontpage.

We published a free CLI tool after writing about PinchTab — a browser hijacking technique that abuses Chrome DevTools Protocol to give attackers (or compromised AI agents) silent access to live browser sessions. No malware signature. No process injection. Most EDRs don't see it at all.

Unpinched is a point-in-time scanner — think nmap for PinchTab presence. Single Go binary, no install required, runs in ~3 seconds.

It checks four things: - Local ports for a PinchTab HTTP API server (with signature verification) - Running processes matching known PinchTab binary names - Unauthenticated CDP exposure on localhost:9222 - Known filesystem artifact paths across macOS, Linux, Windows

Also ships as a GitHub Action so you can gate deploys on a clean scan result.

GitHub: https://github.com/Helixar-AI/Unpinched

The underlying research on why CDP-based attacks evade conventional security stacks is here if you're curious: https://helixar.ai/press/pinchtab-stealth-browser-attacks-yo...

Happy to answer questions on the detection logic or the threat model.

You only breathe out of one nostril at a time

Show HN: Signed Receipts for Agent Actions

MapReduce Framework

Ask HN: What models do you use for your OpenClaw so that skills work well

IMG_0416

Child care providers fight headwinds on Colorado's rural Eastern Plains

Show HN: Sinkhole – 30 free browser-based tools, no signup, MIT licensed

Rust-Like Error Handling in TypeScript

Show HN: Pasu- Open-Source CLI AWS IAM Analyzer Tool

Show HN: Beta-Claw – I built an AI agent runtime that cuts token costs by 44%

Show HN: ClawGuard – Detect 42 prompt injection patterns in <10ms

Reimagining HTTP 402 – Simplify API and agentic payments with Stripe

The Silent Filter

Show HN: Whichllm – Find and run the best local LLM for your hardware

Live Nation reaches settlement with DOJ in antitrust fight

The Third Hard Problem

Show HN: Needle – Search Reddit, Hacker News, GitHub and Forums in One Place

We Hacked McKinsey's AI Platform

Owner of ICE detention facility sees big opportunity in AI man camps

Love in the Time of A.I. Companions

United States Leads Dismantlement of One of the World's Largest Hacker Forums

Streaming My Vitals to Dr. Claw

Anti-Simplification

"It doesn't feel safe"–Many international game developers plan to skip GDC in US

Broadcom May Become the Biggest Counterbalance to Nvidia

Show HN: AgentScan – Detect AI agent accounts on GitHub

Dire Strait

My TrueNAS Core (FreeBSD) Homelab

White Gloss TV Unit: Boosts LED and Lamp Light More Than Matte Finish

FreeBSD Capsicum vs. Linux Seccomp Process Sandboxing

Show HN: Unpinched – open-source PinchTab and CDP bridge detector