
Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

https://www.wired.com/story/hundreds-of-millions-of-iphones-can-be-hacked-with-a-new-tool-found-in-the-wild/
60•WalterSobchak•1h ago

Comments

joezydeco•1h ago
I got an alert this morning for an iOS update numbered 26.3.1(a).

(a)? This must be really bad.

FuriouslyAdrift•1h ago
Impact: Processing maliciously crafted web content may bypass Same Origin Policy

Description: A cross-origin issue in the Navigation API was addressed with improved input validation.

WebKit Bugzilla: 306050

CVE-2026-20643: Thomas Espach

dewey•1h ago
> It can take over devices running iOS 18 that simply visit infected websites.

I wonder if this is supposed to be > iOS 18 or really just version 18?

quentindanjou•1h ago
It's in the source article (from Google Research group):

> DarkSword supports iOS versions 18.4 through 18.7

https://cloud.google.com/blog/topics/threat-intelligence/dar...

The source exploits continued to be patched with all of them patched in iOS 26.3

dewey•55m ago
Oh, I was confused why the article was so short and chalked it up to it being some developing story. Turns out there's a "You’ve read your last free article." heading that hides the rest but it's not very obvious that there's an article hiding.
bombcar•48m ago
What device? I don't see anything beyond 26.3.1 on my iPhone 15 PromaxXDR™
joezydeco•40m ago
iPhone 15 (vanilla) running iOS 18.7.2. I now have a permanent notification on my lock screen nagging me to update to iOS 26.
qaz_plm•18m ago
Enabling beta updates for iOS 18 should kill the nagging notification.
joezydeco•5m ago
I'm keeping it there to remind me to stay defiant against the shittier UI. I'll wait until they can put it on a user switch or create a more readable option for older users. Which will probably be 'never'.
fn-mote•3m ago
But still only gets you to 18.7.3
jryio•1h ago
Here is the Google Research group's writeup

https://cloud.google.com/blog/topics/threat-intelligence/dar...

Relevant foreword:

> GTIG has identified several different users of the DarkSword exploit chain dating back to November 2025. In addition to the case studies on DarkSword usage documented in this blog post, we assess it is likely that other commercial surveillance vendors or threat actors may also be using DarkSword.

> Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at least November 2025, GTIG has observed multiple commercial surveillance vendors and suspected state-sponsored actors utilizing DarkSword in distinct campaigns. These threat actors have deployed the exploit chain against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine.

> DarkSword supports iOS versions 18.4 through 18.7 and utilizes six different vulnerabilities to deploy final-stage payloads. GTIG has identified three distinct malware families deployed following a successful DarkSword compromise: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER. The proliferation of this single exploit chain across disparate threat actors mirrors the previously discovered Coruna iOS exploit kit. Notably, UNC6353, a suspected Russian espionage group previously observed using Coruna, has recently incorporated DarkSword into their watering hole campaigns.

alecco•57m ago
This should be the post, not Wired's blogspam.
bix6•19m ago
I know everyone hates liquid glass but isn’t that better security wise than being on an iOS that’s 8 versions behind?
jryio•18m ago
There are not 8 major versions between iOS 18 and iOS 26. Apple skipped the monotonously increasing version numbering system since iOS 1 during WWDC 2025 to adopt a year suffix based versioning system.

iOS 17, then iOS 18, then iOS 26, then iOS 27.

You're not the only party confused.

bix6•4m ago
Haha thanks! Good to know they are on years now. Back to random version numbers in 5 years? :p
BTAQA•1h ago
The interesting angle here is what this means for passes and credentials stored in Apple Wallet. If device compromise is this accessible, the assumption that Wallet passes are isolated from the rest of the device needs more scrutiny. Apple's security model relies heavily on the secure enclave but a tool like this changes the threat surface significantly.
ozlikethewizard•19m ago
This is always the threat with walled garden style security. When you couple applications so tightly in an intrinsic trust network, on the basis that no external attacker can gain access, then the internal security is neglected and it only takes the weakest link.
ramesh31•54m ago
Welp, I've been holding out on that liquid glass crap as long as possible. Guess my phone is just going to suck now.
bombcar•48m ago
If it's really as bad as all that, they'll patch existing older releases.
pfortuny•24m ago
One can hope but I do not trust them.
xoa•11m ago
> If it's really as bad as all that, they'll patch existing older releases.

They have patched existing releases of iOS 18... but then they artificially restricted those patches only to a couple of phone models that don't support iOS 26. So if you're on a vaguely modern iDevice and are still on 18 because you don't want the new UI and other fuckups, you are not allowed to install the patched 18. It'd be one thing if you had a phone that simply never supported iOS 18 at all, or if Apple wasn't patching iOS 18 at all for anyone, but that they've gone to the effort to fix it but then also used it as another lever for forced upgrades is really sucky.

msk-lywenn•46m ago
Apple is probably going to issue an update for 18. Heck, they released a security update for Coruna on 15.x last week. Same thing maybe?
dhosek•31m ago
Liquid glass isn’t too bad on the iPhone or even the iPad. It’s mostly on the Mac that it sucks.
neom•29m ago
I thought the same thing but updated a couple weeks back and actually really really enjoy the liquid glass. I don't recall what it was about the release that made me think I'd hate it, but I've half fallen in love with it. I was just thinking yesterday, I wonder what all the fuss was about.
Analemma_•19m ago
I don’t like it on the iPhone, but it’s more a “sigh, I’ll live with it” downgrade than a catastrophic one (at least once you go into the Safari settings and turn off the huge useless address bar by putting it in compact mode). It’s on the Mac where it’s truly a shitshow.
thejazzman•4m ago
I believe it's changed a lot since it initially debuted via the betas. And there was that Supabase post mocking it, where they made the whole UI glass, and that biased me a bit ha
k2enemy•46m ago
I'm really hoping Apple backtracks on its refusal to update the 18.x line for phones that are compatible with 26. At least provide a security update.
kace91•31m ago
Their design disaster must be hidden in metrics, security be damned.
lynndotpy•26m ago
Apple used to have a really good security record, it's mind boggling they blew it all up just to force Liquid Glass on users.

For those not in the loop, Apple used to provide security patches for supported older iOS versions. They changed a lot of behavior around the release of Liquid Glass (iOS 26, macOS Tahoe). Starting with iOS 18.7.3, they only release patch versions for the iPhone XS and XR. They've repeated this, through to 18.7.6 now.

So much goodwill and trust, obliterated.

pfortuny•25m ago
Not going to happen (despite my still being on 18.x) because they want to force you to upgrade to 26 for publicity. As simple as that.

The new "security upgrade available" will (I bet) be "to 26".

hnburnsy•27m ago
> We also identified additional code added when the actor attempts to infect a user using Chrome, where the x-safari-https protocol handler is used to open the page in Safari (Figure 4). This suggests that UNC6748 didn't have an exploit chain for Chrome at the time of this activity.

Thanks Apple for allowing the overriding of the user's default browser.

MrDOS•25m ago
I wish I had a better sense of how these zero-click vulnerabilities work so I could get a sense of how to protect myself from them (you know, without giving in to Liquid Glass). Can they be blocked by an ad blocker? Are they blocked by any extant ad blockers? What about “Lockdown Mode”?
bix6•12m ago
My understanding is ad blockers only stop one class. Lockdown Mode is supposedly a major upgrade given all the underlying processes it blocks / slows.
fn-mote•6m ago
Note that this is 1-click.

0-click example: receive an MMS with a malformed image that exploits a bug in decoding

throwaway2016a•20m ago
I was literally just attending a course on "innovation" and the topic of Apple vs Android was covered. Interestingly enough, a majority of students commenting cited iOS "security" as a core value proposition. As an Android user, however, I know there are a lot of CVEs in volume but in terms of severity, when an iOS issue happens it appears to generally be much more severe.
eugenekolo•15m ago
It's actually a fascinating find by Lookout, iVerify, and Google. This is a multi million dollar exploit chain sold to various buyers.

Complete full-chain 1-click exploit from Safari to complete device takeover, exfiltrating personal data, passwords, and crypto wallets.

https://www.lookout.com/threat-intelligence/article/darkswor...

https://iverify.io/blog/darksword-ios-exploit-kit-explained

https://cloud.google.com/blog/topics/threat-intelligence/dar...

kevincloudsec•1m ago
the supply chain for offensive tooling is now indistinguishable from the supply chain for malware. take care of your security team!