HN Reader

Show HN: I built UptimeBuddy after getting frustrated with complex monitors (uptimebuddy-contact.vercel.app)

1 points by grhayk 1m ago 0 comments

Lwan: Experimental, scalable, high performance HTTP server (github.com)

1 points by klaussilveira 1m ago 0 comments

How to build a freelance client funnel (and more) (hath.blog)

1 points by samoi 2m ago 0 comments

Instapaper is now on Rakuten Kobo e-readers (goodereader.com)

1 points by josteink 2m ago 1 comments

MIT 6.5930/1 Hardware Architecture for Deep Learning – Spring 2024 Lectures (csg.csail.mit.edu)

1 points by imakwana 3m ago 0 comments

Ask HN: What happens to Windows 10 PCs after October 14?

1 points by Kapura 3m ago 0 comments

The vulnerability might be in the proof-of-concept (sethmlarson.dev)

2 points by Bogdanp 4m ago 0 comments

Show HN: Meetup.com and eventribe alternative to small groups (github.com)

2 points by orbanlevi 4m ago 0 comments

Cloudflare (blog.cloudflare.com)

1 points by hampones 7m ago 0 comments

Covid vaccine in US now requires consultation with physician (axios.com)

2 points by spectraldrift 7m ago 0 comments

"If Cats Could Code", a FOSS Book on CS Concepts (github.com)

1 points by DavidCanHelp 8m ago 0 comments

Bring Back the Free Plan (blog.railway.com)

2 points by dban 10m ago 1 comments

Gayfemboy Malware Campaign (broadcom.com)

2 points by ndiddy 11m ago 0 comments

OpenAI Codex for VSCode has been released (marketplace.visualstudio.com)

1 points by Topfi 11m ago 1 comments

Framework Laptop 16 with Nvidia RTX 5070 [video] (youtube.com)

1 points by polyrand 14m ago 0 comments

ByteDance releases OmniHuman-1.5: long-form, emotion-aware AI avatars (omnihuman-lab.github.io)

1 points by yanng404 15m ago 0 comments

GPT-5 Is a Terrible Storyteller – and That's an AI Safety Problem (christoph-heilig.de)

1 points by raphman 15m ago 0 comments

AsciiDots: An esoteric programming language based on ASCII art (ajanse.me)

1 points by fanf2 16m ago 0 comments

CDC stopped actively tracking 6 foodborne infections amid budget cuts (arstechnica.com)

1 points by coloneltcb 16m ago 0 comments

FTC sues Air AI for false and deceptive marketing claims (ftc.gov)

2 points by pogue 17m ago 1 comments

At 66, I Decided to Get Healthy Again. Was It Too Late? (bloomberg.com)

1 points by wslh 18m ago 1 comments

Ask HN: GitHub Copilot Down?

16 points by thecopy 18m ago 9 comments

Lgsik-Poser: Skeleton-Aware Full-Body Motion Reconstruction from Sparse Inputs (mdpi.com)

1 points by PaulHoule 19m ago 0 comments

Tracking asteroids or stealth fighters with phone cameras (youtube.com)

2 points by lifeisstillgood 20m ago 0 comments

Silver State goes dark as cyberattack knocks Nevada websites offline (theregister.com)

2 points by docmechanic 21m ago 0 comments

Simple Made Easy (Rich Hickey) [video] (youtube.com)

3 points by dgs_sgd 21m ago 0 comments

Handmade Process of Watanabe Wheels [video] (youtube.com)

1 points by naves 23m ago 0 comments

Openstack-lb-info – CLI tool to explore OpenStack Load Balancer details (github.com)

1 points by cavanche 23m ago 0 comments

Nvidia earnings: Stock slips despite revenue, profit beats (businessinsider.com)

2 points by mgh2 25m ago 0 comments

Is the UK's giant new nuclear power station 'unbuildable'? (ft.com)

1 points by pseudolus 27m ago 1 comments

I got tired of juggling time tracking, reports, and invoices – so I built this (tracksy.me)

2 points by mrbigboka 28m ago 2 comments

Music Criticism Lost Its Edge (newyorker.com)

1 points by omar_alt 28m ago 1 comments

Nvidia Falls After Data Center Revenue Misses Estimate (bloomberg.com)

2 points by pera 28m ago 1 comments

Weekly/monthly cybersecurity trend and statistics newsletter (cybersecstats.com)

2 points by positivejim 29m ago 0 comments

Synthi – A tool to summarize and synthesize HN threads and their articles (prototypejam.github.io)

2 points by dazzaji 30m ago 1 comments

Framework Laptop 16 – Prototypes and scrapped ideas [video] (youtube.com)

1 points by tart-lemonade 30m ago 0 comments

Show HN: Hielo – a fast, lightweight tool for managing Apache Iceberg tables (github.com)

2 points by atcol 30m ago 1 comments

AppMafia shared a free course for building million dollars app (appmafia.com)

1 points by tntpreneur 31m ago 1 comments

Something weird is going on with Switch 2 game development (polygon.com)

4 points by ezekg 34m ago 0 comments

Managing an Expert Team When You Can't Do Their Jobs (cybadger.com)

1 points by mooreds 35m ago 0 comments

Nvidia Announces Financial Results for Second Quarter Fiscal 2026 (nvidianews.nvidia.com)

2 points by kgwgk 35m ago 0 comments

Verily is closing its medical device program, shifts resources to AI (techcrunch.com)

2 points by blevinstein 35m ago 0 comments

The difference between your ID, online and offline (idiallo.com)

2 points by firefoxd 38m ago 0 comments

Synthetic Users (syntheticusers.com)

1 points by mooreds 40m ago 0 comments

Quickstart Guide to Being a Digital Nomad (foundersconfidential418.substack.com)

2 points by DtNZNkLN 40m ago 0 comments

The Color of the Future: A history of blue (hopefulmons.com)

1 points by prismatic 40m ago 0 comments

Musicians Can't Rely on Financial Institutions to Fund Them (jphfeeds.top)

1 points by joshuarblog 41m ago 0 comments

Show HN: An AI productivity assistant to help you focus (deepwork.fit)

1 points by yumingh 42m ago 0 comments

Intel's PCI Vendor ID is 0x8086, There are many more like that in the database (kubatyszko.com)

2 points by kubatyszko 42m ago 1 comments

Show HN: PR-desc your AI Git and GitHub workflow assistant (github.com)

1 points by daniddeme 43m ago 0 comments

OAuth Device Flow Vulnerabilities: Analysis of 2024-2025 Attack Wave

1 guptadeepak 1 8/27/2025, 6:41:17 PM guptadeepak.com ↗

Comments (1)

guptadeepak · 2h ago
This analysis dives into the recent surge of OAuth device flow attacks observed in 2024-2025, focusing on key protocol weaknesses and implementation gaps.

The critical issue stems from attacker exploitation of insufficient user code verification and token issuance processes, enabling device flow hijacking and abuse at scale. Notably, the challenge of securely binding device codes to legitimate users remains unresolved, especially in constrained input environments.

How are you addressing the trade-offs between user convenience and security in OAuth device flows?