frontpage.

Public release of *ZombieHunter*, a forensics tool detecting live exploitation of CVE‑2026‑20700 (dyld memory corruption) in iOS 26.3. Analysis of sysdiagnose archives shows identical exploit shells showing different C2 endpoints:

US Device 1 → 83.116.114.97 (EU/US) US Device 2 → 101.99.111.110 (CN)

The rogue dyld_shared_cache slice triggers overflow via malformed `mappings_count`, executes shellcode (BL #0x15cd), and applies an AMFI bypass (`DYLD_AMFI_FAKE`) enabling unsigned code persistence. Apple PSIRT + CISA were notified; public disclosure follows.

Sample: https://drive.google.com/file/d/1rYNGtKBMb34FQT4zLExI51sdAYR... SHA256 artifact: ac746508938646c0cfae3f1d33f15bae718efbc7f0972426c41555e02e6f9770

Usage: `python3 zombie_auditor.py sysdiagnose_xxx.tar.gz` (Needs capstone)

Reproducible PoC confirms CVE‑2026‑20700 bypass, AMFI neutralization, and live C2 connectivity in production iOS 26.3.

Show HN: I ported Tree-sitter to Go

Show HN: Django Control Room – All Your Tools Inside the Django Admin

Show HN: A real-time strategy game that AI agents can play

Show HN: Draw on Screen – a modern screen annotation tool with webcam

Show HN: Sgai – Goal-driven multi-agent software dev (GOAL.md → working code)

Show HN: Agent that matches sales reps with warm leads based on product usage

Show HN: Moonshine Open-Weights STT models – higher accuracy than WhisperLargev3

Show HN: Djevops – Deploy Django Easily

Show HN: DRYwall – Claude Code plugin to to deduplicate code with jscpd

Show HN: Emdash – Open-source agentic development environment

Show HN: Scheme-langserver – Digest incomplete code with static analysis

Show HN: Replacebase – library to migrate away from Supabase

Show HN: A high-performance Hex Editor with Yara-X support in C#

Show HN: Well-net – a friends-only IPv6 network with no central server

Show HN: I Accidentally Built a Zero-Config Redis Alternative in Go – ScaloDB

Show HN: Match – A pattern matching language that replaces regex

Show HN: Live iOS 26.3 exploit detection (CVE-2026-20700) – Multi-region C2

Show HN: PgDog – Scale Postgres without changing the app

Show HN: enveil – hide your .env secrets from prAIng eyes

Show HN: Context Mode – 315 KB of MCP output becomes 5.4 KB in Claude Code

Show HN: Tag Promptless on any GitHub PR/Issue to get updated user-facing docs

Show HN: Chaos Monkey but for Audio Video Testing (WebRTC and UDP)

Show HN: Recursively apply patterns for pathfinding

Show HN: SentientTube – The YouTube for AI Agents

Show HN: Sowbot – Open-hardware agricultural robot (ROS2, RTK GPS)

Show HN: Babyshark – Wireshark made easy (terminal UI for PCAPs)

Show HN: AI Timeline – 171 LLMs from Transformer (2017) to GPT-5.3 (2026)

Show HN: X86CSS – An x86 CPU emulator written in CSS

Show HN: SnapSift – Find near-duplicate photos on your iPhone

Show HN: Steerling-8B, a language model that can explain any token it generates

Show HN: Live iOS 26.3 exploit detection (CVE-2026-20700) – Multi-region C2

Show HN: I ported Tree-sitter to Go

Show HN: Django Control Room – All Your Tools Inside the Django Admin

Show HN: A real-time strategy game that AI agents can play

Show HN: Draw on Screen – a modern screen annotation tool with webcam

Show HN: Sgai – Goal-driven multi-agent software dev (GOAL.md → working code)

Show HN: Agent that matches sales reps with warm leads based on product usage

Show HN: Moonshine Open-Weights STT models – higher accuracy than WhisperLargev3

Show HN: Djevops – Deploy Django Easily

Show HN: DRYwall – Claude Code plugin to to deduplicate code with jscpd

Show HN: Emdash – Open-source agentic development environment

Show HN: Scheme-langserver – Digest incomplete code with static analysis

Show HN: Replacebase – library to migrate away from Supabase

Show HN: A high-performance Hex Editor with Yara-X support in C#

Show HN: Well-net – a friends-only IPv6 network with no central server

Show HN: I Accidentally Built a Zero-Config Redis Alternative in Go – ScaloDB

Show HN: Match – A pattern matching language that replaces regex

Show HN: Live iOS 26.3 exploit detection (CVE-2026-20700) – Multi-region C2

Show HN: PgDog – Scale Postgres without changing the app

Show HN: enveil – hide your .env secrets from prAIng eyes

Show HN: Context Mode – 315 KB of MCP output becomes 5.4 KB in Claude Code

Show HN: Tag Promptless on any GitHub PR/Issue to get updated user-facing docs

Show HN: Chaos Monkey but for Audio Video Testing (WebRTC and UDP)

Show HN: Recursively apply patterns for pathfinding

Show HN: SentientTube – The YouTube for AI Agents

Show HN: Sowbot – Open-hardware agricultural robot (ROS2, RTK GPS)

Show HN: Babyshark – Wireshark made easy (terminal UI for PCAPs)

Show HN: AI Timeline – 171 LLMs from Transformer (2017) to GPT-5.3 (2026)

Show HN: X86CSS – An x86 CPU emulator written in CSS

Show HN: SnapSift – Find near-duplicate photos on your iPhone

Show HN: Steerling-8B, a language model that can explain any token it generates