Three RCEs in Ilias Learning Management System

https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce
13•hack223•2h ago

Comments

hannob•1h ago
Okay, story time: back in 2018, the German government's foreign ministry was hacked.

At the time, a colleague of mine (we were both working for the German IT news magazine Golem) found a web page by a government-associated university that was offline with a message that it's been taken down due to a security issue.

Putting a few hints together, we figured out that Ilias was hosted there, and that this was how the attack on the government initially started.

We weren't able to figure out which vulnerability was used, but had some ideas what it might've been. (Older versions had a default password for the admin account.)

One wonders: there's an Open Source software that's widely used by universities, even by government-associated universities. It's been the cause of a high-profile attack on a government before. One wonders why that doesn't trigger sufficient funding for regular, high-quality security audits of that software.

Article from 2018: https://www.golem.de/news/government-hack-hack-on-german-gov...

quibono•31m ago
Re: the unauthenticated RCE (CVE-2025-11344), am I to understand that Apache will read and honour any .htaccess file it finds, even outside of the config root path? The lack of file clean-up when handling the exception is one thing... but this .htaccess logic strikes me as a bizarre default (if true).
