HN Reader

GPEmu: A GPU Emulator for Rapid, Low-Cost Deep Learning Prototyping [pdf] (vldb.org)

1 points by matt_d 57s ago 0 comments

Peter Thiel's Palantir poses a grave threat to Americans (theguardian.com)

1 points by bilekas 1m ago 0 comments

Non-opioid molecule relies chronic pain for 3 weeks (medicalxpress.com)

1 points by PaulHoule 2m ago 0 comments

Chile's Queen Bees Take Flight as Global Guardians of Pollination (latinamericanpost.com)

1 points by litoE 4m ago 0 comments

Earth Temperature Timeline (2016) (xkcd.com)

1 points by microsoftedging 6m ago 0 comments

The race to make AI as multilingual as Europe (thenextweb.com)

1 points by Bluestein 7m ago 0 comments

Hobby shops: it's game over due to Quebec law [banning sale of EN-only wares] (youtube.com)

1 points by indrora 8m ago 0 comments

DOE Invites Experiments for Marvel Microreactor (spectrum.ieee.org)

2 points by defrost 10m ago 0 comments

Show HN: Convert Photo to Flat Cartoon Vector (vizbull.com)

1 points by rkj93 11m ago 0 comments

So It Begins Is This a Real Band or AI? [video] (youtube.com)

2 points by sublinear 13m ago 0 comments

I got an ambulance ride, CT scan and ER care in Brazil. My bill: $0 (washingtonpost.com)

7 points by rbanffy 14m ago 1 comments

Bryan Kohberger to plead guilty to all counts in Idaho college murders case (abcnews.go.com)

1 points by david927 15m ago 0 comments

Show HN: I turned Paul Graham's essays into per topic navigable knowledge maps (proread.ai)

1 points by kanodiaashu 15m ago 0 comments

In 1966, Israeli Intelligence Convinced an Iraqi Pilot to Defect with His MiG-21 (daxe.substack.com)

2 points by vinnyglennon 16m ago 0 comments

AIs have a favorite number, and it's not 42 (theregister.com)

1 points by twapi 17m ago 0 comments

Amazon Misses Out on Switch 2 Sales After Nintendo Pulled Products from US Site (bloomberg.com)

1 points by JumpCrisscross 17m ago 0 comments

Cholesterol and how it fits in with a healthy diet (2023) (heart.org)

2 points by herecomethefuzz 18m ago 0 comments

Harry Potter and the Anatomy of a Speedrun (2024) (blog.alexbeals.com)

1 points by pncnmnp 19m ago 0 comments

Corruption Database – DJT (github.com)

2 points by darkhacks 20m ago 0 comments

DOJ announces plans to prioritize cases to revoke citizenship (npr.org)

4 points by JumpCrisscross 20m ago 0 comments

For the future of water conservation, look to Los Angeles? (nytimes.com)

1 points by bookofjoe 21m ago 1 comments

Cytisine [pdf] (ncsct.co.uk)

1 points by chpatrick 22m ago 0 comments

MCP to .dxt Command for Claude Code (claudecodecommands.directory)

1 points by ananddtyagi 22m ago 1 comments

React Still Feels Insane and No One Is Talking About It (old.reddit.com)

1 points by mbrizic 23m ago 0 comments

Query Autocomplete from LLMs (old.reddit.com)

1 points by softwaredoug 24m ago 0 comments

Judge allows antitrust lawsuit against Apple to proceed (wsbtv.com)

2 points by 1vuio0pswjnm7 28m ago 0 comments

Show HN: A continuation of IRS Direct File that can be self-hosted (github.com)

1 points by elijahwright_ 29m ago 0 comments

Regen: Empowering personalized recommendations with natural language (research.google)

1 points by maxloh 30m ago 0 comments

US Government takes down major North Korean 'remote IT workers' operation (techcrunch.com)

2 points by jnord 31m ago 0 comments

Researchers Uncover Hidden Ingredients Behind AI Creativity (quantamagazine.org)

1 points by jnord 32m ago 0 comments

Bell Labs DSP Pioneer Jim Boddie Leaves Lasting Legacy (spectrum.ieee.org)

2 points by jnord 33m ago 0 comments

Chronic Denial (openmindmag.org)

1 points by MaysonL 37m ago 0 comments

Ask HN: How Are You Reading HN in June 2025?

3 points by johncole 42m ago 0 comments

SKA-Low simulations for a cosmic dawn/epoch of reionisation deep field (arxiv.org)

1 points by PaulHoule 44m ago 0 comments

The AI-Native Airtable Has Arrived: A Letter from Our CEO (airtable.com)

1 points by xavdid 45m ago 1 comments

Why Generalists Will Lead in the Age of AI (opuslabs.substack.com)

2 points by opuslabs 46m ago 0 comments

Is 2025 the Year of the Linux Desktop – Part I (lttlabs.com)

2 points by LorenDB 49m ago 0 comments

Show HN: PDFtoLink.app – convert pdf to shareable links (pdftolink.app)

1 points by Airyisland 49m ago 0 comments

Transformers Are Graph Neural Networks (arxiv.org)

1 points by Anon84 51m ago 0 comments

RelaX – Relational Algebra Calculator (dbis-uibk.github.io)

1 points by b-man 52m ago 0 comments

Amazon DynamoDB global tables with multi-Region strong consistency is now GA (aws.amazon.com)

1 points by eatonphil 52m ago 0 comments

App Store Services Tiers in the EU (developer.apple.com)

2 points by ajuhasz 52m ago 2 comments

Starlink may be lying about speed (seriousaboutech.com)

5 points by janandonly 56m ago 1 comments

Empeg Car – A Linux Car Stereo from the 90s [video] (youtube.com)

2 points by zdw 56m ago 0 comments

FBI Warning Issued as 2FA Bypass Attacks Surge – Get Prepared (forbes.com)

5 points by mooreds 59m ago 0 comments

TYPES 2025: The 31st International Conference on Types for Proofs and Programs (msp.cis.strath.ac.uk)

2 points by matt_d 59m ago 0 comments

Coros Confirms Substantial Watch Security Vulnerablity: Says Fixes Are Coming (dcrainmaker.com)

1 points by sorenjan 1h ago 0 comments

Show HN: Timezone converter that tells you if your meeting time sucks (timezig.com)

1 points by skrid 1h ago 0 comments

Set fees by currency, location or method in 4 steps using config and events (youtube.com)

1 points by NkenuTimothy 1h ago 0 comments

Beyond Code: APIs as the Next OSS Battleground (redmonk.com)

2 points by MilnerRoute 1h ago 0 comments

High-Severity Vulnerability in Notepad++

4 onlinenotepad 4 6/30/2025, 5:49:12 PM csa.gov.sg ↗

Comments (4)

notepad0x90 · 34s ago
I wanted to say the installer has no business running things as SYSTEM but I suppose there is no way around that for registering COM DLLs. I would think Attackers would need to chain this with a Uac bypass (or be fortunate enough to find Uac disabled). If Uac is setup right, administrative operations like regsvr32 should require going through consent.exe's prompt. Uac bypasses are plenty but systems can be configured to mitigate them (at least the ones I know of). Social engineering is also another good way to bypass Uac.
gertlex · 1h ago
Looks like it's a vulnerability in the installer.

From a small bit of skimming, sounds like it's a user escalation vector, where a low privileged user can run the installer in a contrived manner to achieve privilege escalation.

https://github.com/notepad-plus-plus/notepad-plus-plus/secur...

So for my personal install, nothing to worry about here...

reanimus · 1h ago
Headline is a little misleading imo -- the vulnerability isn't in Notepad++ itself as much as its installer. Current users, I imagine, don't have anything to worry about.
retox · 25m ago
If the problem is in the installer then this can't be 'fixed', affected installers should be fingerprinted as malware.

No comments yet