
A 4 byte file can bypass permissions in a GraphQL package used for payments

https://medium.com/@caplanmaor/prototype-pollution-in-graphql-upload-minimal-cve-2025-65587-a864873a6e1b
2•BambaNugat•1h ago

Comments

BambaNugat•1h ago
Did we give JS prototype chains a bit too much power somewhere along the way? The same flexibility that makes lodash plugins, deep merge utilities, and dynamic config libraries so convenient is the reason prototype pollution keeps showing up everywhere. It hit Kibana hard enough for RCE back in 2019, took down Blitz.js in 2022, and now here we are again. graphql-upload-minimal lets you control where uploaded files get mapped: send a tiny file whose entire content is just literally 'true' and map it to __proto__.isAdmin via a file upload request, and now every object in the Node.js process thinks it's an admin until the server restarts.
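
The pattern the comment describes, as an added example that is not part of the original thread and not code from graphql-upload-minimal: a naive dotted-path setter beside a hardened one, plus an own-property authorization check. The function names, the `operations` object and the `true` value are constructed for illustration.

```javascript
// Added illustration, not code from graphql-upload-minimal; all names are hypothetical.
// Naive dotted-path setter: walks whatever the client-supplied path names.
function setPathUnsafe(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (node[key] === undefined) node[key] = {};
    node = node[key]; // "__proto__" resolves to Object.prototype here
  }
  node[keys[keys.length - 1]] = value;
}

const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hardened setter: rejects prototype-reaching segments and only follows own properties.
function setPathSafe(target, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => k === '' || FORBIDDEN.has(k))) {
    throw new Error('rejected map path: ' + JSON.stringify(path));
  }
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (!hasOwn(node, key)) node[key] = {};
    node = node[key];
    if (node === null || typeof node !== 'object') {
      throw new Error('map path does not address an object: ' + JSON.stringify(path));
    }
  }
  node[keys[keys.length - 1]] = value;
}

// Authorization check that ignores inherited properties (defence in depth).
const isAdmin = (user) => hasOwn(user, 'isAdmin') && user.isAdmin === true;

// Constructed request data: `true` stands in for the value the server assigns at the path.
function demo(setter) {
  const operations = { variables: { file: null } };
  const user = { name: 'alice' }; // unrelated object elsewhere in the process
  let rejected = false;
  try { setter(operations, '__proto__.isAdmin', true); } catch (err) { rejected = true; }
  const result = { rejected, inherited: user.isAdmin === true, ownCheck: isAdmin(user) };
  delete Object.prototype.isAdmin; // undo the pollution so the demo leaves no residue
  return result;
}

console.log(demo(setPathUnsafe)); // the inherited flag leaks to an unrelated object
console.log(demo(setPathSafe));   // the path is rejected and nothing leaks
```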
