news newest ask show jobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

CVE-2026-42167: SQLi and possible auth bypass or RCE in ProFTPD

https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce

1•AllAlongTheWay•1h ago

Comments

AllAlongTheWay•1h ago

If ProFTPD is configured to use mod_sql for logging, SQL injection pre or post auth is possible via CVE-2026-42167. The impact of this injection depends on server configuration. It ranges from full pre auth RCE in rare cases, to auth bypass, to privilege escalation, to bypassing quotas and subverting other functionality implemented by modules that depend on mod_sql for storage.

Of the 160k public-facing PureFTPD instances, approximately 1% were vulnerable to pre-auth injection two days ago, and presumably a larger number were vulnerable post auth, given the larger post auth attack surface.

Patch ProFTPD ASAP or disable all logging via mod_sql for the time being.

Slow Down to Speed Up

https://dhruvasagar.dev/posts/slow-down-to-speed-up/

1•lisperforlife•2m ago•0 comments

Humanoid robots start sorting luggage in Tokyo airport test amid labor shortage

https://arstechnica.com/ai/2026/04/japan-airlines-tests-having-robots-instead-of-humans-handle-tr...

2•Brajeshwar•3m ago•0 comments

The Mix-Up at the Heart of the Supreme Court's Conversion Therapy Ruling

https://nautil.us/the-mix-up-at-the-heart-of-the-supreme-courts-conversion-therapy-ruling-1280307

2•Tomte•4m ago•0 comments

IATA Chief Warns of Possible Jet Fuel Shortages This Summer

https://airlinegeeks.com/2026/04/28/iata-chief-warns-of-possible-jet-fuel-shortages-this-summer/

2•cf100clunk•4m ago•0 comments

Show HN: AgentPort – Open-source Security Gateway For Agents

https://agentport.sh/

2•yakkomajuri•4m ago•0 comments

YouTube Took over the American Classroom

https://www.wsj.com/us-news/education/youtube-chromebooks-schools-children-brain-f151dfbb

2•caminante•5m ago•1 comments

CST (Cyber Solution Team)

2•ROHOMOT•6m ago•0 comments

The Final Form of Software Development

https://blog.zksecurity.xyz/posts/end-coding/

2•baby•8m ago•0 comments

The 90-Year-Old Regulatory Model That Could Work for AI

https://www.lawfaremedia.org/article/ai-companies-can-t-regulate-themselves-they-should-regulate-...

2•cephalot•8m ago•0 comments

Migrating a 40-year-old Clipper ERP: the orphan invoice rows weren't a bug

https://asktheledger.com/blog/clipper-erp-migration-orphan-rows.html

2•josephsprei•11m ago•1 comments

PS5 Linux

https://github.com/ps5-linux/ps5-linux-loader

3•LorenDB•12m ago•0 comments

Chinese Robots Are Flooding America. I Brought One Home [video]

https://www.youtube.com/watch?v=ucy9VTLDwPU

2•bryan0•12m ago•0 comments

Age verification vendor Persona left front end exposed, researchers say

https://www.malwarebytes.com/blog/news/2026/02/age-verification-vendor-persona-left-frontend-exposed

2•offbyone42•12m ago•0 comments

The US Tech Giant Where Employees Wear IDF Uniforms to Work

https://www.donotpanic.news/p/exclusive-the-us-tech-giant-where

14•sosomoxie•14m ago•5 comments

At Protocol: Building the Social Internet

https://atproto.com/

2•resiros•16m ago•0 comments

Codex and ForgeCAD: Generating a Model of the Teenage Engineering KO II

https://twitter.com/theopuslabs/status/2049195007404380244

1•opuslabs•16m ago•0 comments

NASA chief Jared Isaacman says he's fighting for Pluto

https://www.space.com/astronomy/pluto/nasa-chief-jared-isaacman-says-hes-fighting-for-pluto-i-am-...

2•thunderbong•19m ago•0 comments

Better Hardware Could Turn Zeros into AI Heroes

https://spectrum.ieee.org/sparse-ai

1•Brajeshwar•20m ago•0 comments

Anaconda Acquires Outerbounds to Unify AI-Native Development

https://www.anaconda.com/blog/anaconda-acquires-outerbounds

1•htrp•20m ago•0 comments

Potemkin Village

https://en.wikipedia.org/wiki/Potemkin_village

1•rbanffy•20m ago•0 comments

Show HN: VT Code – Rust coding agent with AST-level code intelligence

https://github.com/vinhnx/VTCode

1•vinhnx•20m ago•0 comments

Nikita Bier Runs X. Give Me a Few Hours. Iranian flag change and account purge

https://dannykpolitics.substack.com/p/part-two-the-pattern-nikita-biers

4•logcode•21m ago•0 comments

FastCGI: 30 Years Old and Still the Better Protocol for Reverse Proxies

https://www.agwa.name/blog/post/fastcgi_is_the_better_protocol_for_reverse_proxies

3•agwa•21m ago•0 comments

TI-84 Evo

https://education.ti.com/en/products/calculators/graphing-calculators/ti-84-evo

3•kermatt•21m ago•0 comments

Customer.io told me to delete 80% of my list. Rebuilt it with Claude in 27 days

https://twitter.com/JakeMRuth/status/2049521900464791604

1•hippofluff•21m ago•0 comments

Maximising the Value of Ajinomoto

https://mms.businesswire.com/media/20260331226478/en/2761328/1/EN_Palliser_-_Ajinomoto_Value_Enha...

1•num42•22m ago•0 comments

30 ClawHub skills secretly turn AI agents into a crypto swarm

https://www.theregister.com/2026/04/29/30_clawhub_skills_mine_crypto/

1•Bender•22m ago•0 comments

Ramping Figure 03 Production

https://www.figure.ai/news/ramping-figure-03-production

1•denysvitali•22m ago•0 comments

Superpower for Gemini – Chrome Extension

https://superpowerforai.com/Gemini/Home/

1•Kindly_Revenue•23m ago•0 comments

NASA Boss: Make Pluto a Planet Again

https://www.theregister.com/2026/04/29/nasa_boss_make_pluto_a_planet_again/

1•LorenDB•23m ago•0 comments