HN Reader

The unsolved tension at the heart of AI (tushardadlani.com)

1 points by tush726 1m ago 0 comments

What Makes SQL Special? (technicaldeft.com)

1 points by elza_1111 2m ago 0 comments

Make a Fish (makea.fish)

1 points by novia 5m ago 0 comments

Improving KAN with CDF normalization to quantiles (arxiv.org)

1 points by jarekd 7m ago 1 comments

Ask HN: Is Tensorflow.js Dead?

3 points by fouronnes3 9m ago 1 comments

Aging Clock Unveils Compounds That Rejuvenate Brain Cells (neurosciencenews.com)

2 points by lentoutcry 12m ago 0 comments

Stargate advances with 4.5 GW partnership with Oracle (openai.com)

1 points by taubek 12m ago 0 comments

Show HN: I built a site to help new dog owners pick a boy dog name fast (boydognames.net)

1 points by droidHZ 16m ago 0 comments

Capturing anesthetic gases could prevent global warming, new study shows (phys.org)

2 points by PaulHoule 22m ago 0 comments

Rescuing two PDP-11s in UK from a former BT underground shelter, central London (forum.vcfed.org)

2 points by mhh__ 22m ago 0 comments

Extending Emacs with Fennel (andreyor.st)

2 points by Bogdanp 31m ago 0 comments

Making Sense of Hanlon's Razor (domofutu.substack.com)

1 points by wjb3 52m ago 0 comments

Is the Interstellar Object 3I/Atlas Alien Technology? (avi-loeb.medium.com)

2 points by greesil 55m ago 3 comments

Tamiya chairman Shunsaku Tamiya dies at 90 (dailyexpress.com.my)

1 points by mbrd 1h ago 1 comments

Ask HN: Programmable, affordable developer toys similar to DeskHog?

2 points by adarshd 1h ago 0 comments

When Is WebAssembly Going to Get DOM Support? (queue.acm.org)

2 points by jazzypants 1h ago 0 comments

Ask HN: What software subscriptions are worth paying for?

22 points by helloworlddd 1h ago 29 comments

How HN: Vivezia – A Wellness Tracker with Privacy in Mind (vivezia.com)

1 points by rmagrare 1h ago 0 comments

Private equity firms flip assets to themselves in record numbers (ft.com)

2 points by cwwc 1h ago 0 comments

Whom Do We Trust? How AI Is (Re)Shaping Our Interactions Today (Gillian Tett) [video] (youtube.com)

1 points by maartenscholl 1h ago 0 comments

Show HN: NextDevKit – Next.js and OpenNext SaaS Template, Goodbye Vercel Bills (nextdevkit.com)

1 points by guangzhengli 1h ago 0 comments

The benefits of trunk-based development (thinkinglabs.io)

28 points by gpi 1h ago 22 comments

In Ukraine's bombed out reservoir a forest has grown (theguardian.com)

6 points by NewJazz 1h ago 0 comments

Ask HN: Looking for Research Ideas in Cybersecurity (Graduate Student)

1 points by hogexmox 1h ago 0 comments

Automatic Linux migration tool for windows [video] (youtube.com)

1 points by Jotalea 1h ago 2 comments

Show HN: Coder.ninja – Best Projects and Coders (coder.ninja)

1 points by ethx64 1h ago 0 comments

Photo editing is dead. Long live prompt editing (apps.apple.com)

1 points by flixing 1h ago 0 comments

Italy drags Meta, X, LinkedIn into €1B+ VAT showdown: free sign‑ups now taxable? (reuters.com)

9 points by napolux 1h ago 0 comments

Project Lyra – Exploring Interstellar Objects (i4is.org)

2 points by andsoitis 1h ago 0 comments

Dr. Martin Loetzsch – ETL Patterns with Postgres [video] (youtube.com)

1 points by banashark 1h ago 0 comments

Fedora Must (Carefully) Embrace Flathub (blogs.gnome.org)

2 points by pabs3 1h ago 0 comments

Microsoft poaches more Google DeepMind AI talent as it beefs up Copilot (cnbc.com)

2 points by mgh2 2h ago 0 comments

Show HN: PTS Library – Analyze LLM reasoning through "thought anchors"

1 points by codelion 2h ago 0 comments

Humans beat AI at international math contest despite gold-level AI scores (phys.org)

4 points by moneil971 2h ago 0 comments

Tooooools.app (tooooools.app)

1 points by sogen 2h ago 0 comments

NPM stylus package contained malicious code and was removed from the registry (npmjs.com)

6 points by vandot 2h ago 2 comments

Jack McAuliffe, craft beer pioneer, has died (allaboutbeer.com)

2 points by NaOH 2h ago 0 comments

Google users less likely to click links with an AI summary in results (pewresearch.org)

2 points by moneil971 2h ago 1 comments

3D Interactive Phone Museum (chaz.fun)

2 points by haxfenx 2h ago 0 comments

Bitcoin Miner Revenue Drops to 2-Month Low, but Selling Pressure Remains Absent (coindesk.com)

2 points by PaulHoule 2h ago 0 comments

Open-Source LLM Helps Safeguard Text Generation Prompts and Responses (corp.roblox.com)

1 points by moneil971 2h ago 1 comments

Show HN: WTFfmpeg – Natural Language to FFmpeg Translator (github.com)

33 points by ycombiredd 2h ago 14 comments

Show HN: An OCR PDF large batch renaming tool (github.com)

1 points by Neuronree 2h ago 1 comments

AI Just Hit a Paywall as the Web Reacts to Cloudflare's Flip (forbes.com)

2 points by martyroque 2h ago 0 comments

Countries across the world see food price shocks from climate extremes (bsc.es)

35 points by littlexsparkee 2h ago 17 comments

AI coding platform goes rogue during code freeze, deletes entire company DB (tomshardware.com)

4 points by ARandomerDude 2h ago 0 comments

Mathematics for Computer Science (2024) (ocw.mit.edu)

51 points by vismit2000 2h ago 3 comments

Data Scale is not all you need (interpretai.tech)

1 points by Gabriele333 2h ago 0 comments

CollabLLM: From Passive Responders to Active Collaborators (icml.cc)

2 points by dsubburam 2h ago 0 comments

AI coding agents are removing programming language barriers (railsatscale.com)

32 points by Bogdanp 2h ago 18 comments

TapTrap: Animation‑Driven Tapjacking on Android

49 Bogdanp 5 7/22/2025, 11:55:19 PM taptrap.click ↗

Comments (5)

qbane · 2h ago
This has a long history dating back to the Flash era.

https://owasp.org/www-community/attacks/Clickjacking

> One of the most notorious examples of Clickjacking was an attack against the Adobe Flash plugin settings page. By loading this page into an invisible iframe, an attacker could trick a user into altering the security settings of Flash, giving permission for any Flash animation to utilize the computer’s microphone and camera.

user_7832 · 2h ago
> If you use an Android phone and haven’t disabled system animations, then yes, you’re likely affected. iPhone users are not affected.

Okay... that was much worse than I expected. Looks like you can get the victim to click anywhere, which looks bad. I thought Android had protections against this?

> It is based on transition animations instead of overlays, so it doesn’t need special permissions and isn’t blocked by Android’s overlay protections.

Oh well. Not sure how that slipped past.

altfredd · 1h ago
This might be somewhat less threatening then it sounds, because it requires caller to fully control animations used for entering the targeted Activity.

In particular, this vulnerability might not overcome root permission prompts on rooted devices, because their windows are launched and controlled by the installed su app, not by attacker.

tehwebguy · 3h ago
> independently and confidentially reported by @MG193_7 (ByteDance IES RedTeam) to the Android Security Team in early 2023

I wonder if this is in the wild anywhere, it has to be after 2.5 years right?

SoftTalker · 3h ago
Another reason not to install random apps.