HN Reader

Making GitHub Profiles Cool – Painful Lessons with GitHub (crowfunder.github.io)

1 points by crowfunder 5m ago 0 comments

Good News (goodheadlines.org)

1 points by wattaman 8m ago 0 comments

We risk a deluge of AI-written 'science' pushing corporate interests (theconversation.com)

1 points by Improvement 10m ago 0 comments

What is the origin of the private network address 192.168.*.*? (lists.ding.net)

1 points by kreyenborgi 10m ago 0 comments

A World Without Conversation (devpoga.org)

1 points by poga 10m ago 0 comments

Stem cells are faster in space (the-scientist.com)

1 points by andsoitis 13m ago 0 comments

Rust Coreutils 0.2 Released with Perf Gains, Production-Ready Ubuntu Support (phoronix.com)

2 points by fork-bomber 15m ago 0 comments

Show HN: Syneris - Publish and discover anything. (syneris.netlify.app)

1 points by brandon22 17m ago 0 comments

AI Week 2025 (blog.cloudflare.com)

2 points by itsmycode 17m ago 0 comments

College Students Have Changed Forever (theatlantic.com)

1 points by sien 21m ago 1 comments

Google AI Mode to Become Default for Google Search Soon (seroundtable.com)

1 points by Improvement 25m ago 0 comments

Zero-Shot Reinforcement Learning (arxiv.org)

2 points by enjeeneer 28m ago 0 comments

Pest control fumigation and cleaning in Ghana. Pestabsent

2 points by Pestabsent 28m ago 0 comments

Flat-panel laser displays through large-scale photonic integrated circuits (nature.com)

2 points by PaulHoule 40m ago 0 comments

The CoPilot Productivity Paradox (marginalia.nu)

3 points by Improvement 41m ago 0 comments

New trend: extreme hours at AI startups (blog.pragmaticengineer.com)

3 points by amazonhut 41m ago 0 comments

Cassette Logic: technology that never dies but is already dead (differentshelf.com)

3 points by seductivebarry 42m ago 1 comments

Nominees: The fastest legal way to lose your company (johnnydoe.is)

3 points by ceo-eu 44m ago 1 comments

Difdef: Utility to do an N-way diff and N-way merge, for N>2 (github.com)

2 points by Bogdanp 45m ago 0 comments

Where Is the Shovelware? (substack.com)

2 points by besil 48m ago 0 comments

Second known tanker carrying sanctioned Russian Arctic LNG berths in China (reuters.com)

2 points by keepamovin 55m ago 0 comments

Show HN: This trick short-circuited my anxiety

2 points by chetansorted 55m ago 0 comments

KDE Linux Enters Alpha as Reference Linux Distribution for the KDE Desktop (phoronix.com)

4 points by fork-bomber 57m ago 0 comments

Show HN: I built a modern iGoogle-like new tab extension (newtabwidgets.com)

2 points by ctrlt 1h ago 0 comments

Teen gamer who 'performed miracles' set to become first millennial saint (bbc.com)

4 points by defrost 1h ago 2 comments

GitHub introduces Spark, Agentic Copilot built and hosted at GitHub (github.com)

2 points by NaomiLehman 1h ago 0 comments

As Xi and Putin chase immortality, let's talk about digital presidents-for-life (theregister.com)

2 points by YeGoblynQueenne 1h ago 0 comments

Ask HN: Do companies use SAFe to prepare for offshoring?

2 points by unknownsky 1h ago 0 comments

The Design of the Apple AirPod – Nebula (nebula.tv)

2 points by 9woc 1h ago 0 comments

Jeremy Corbyn predicted Labour's Palestine Action ban decades ago [video] (youtube.com)

2 points by vfclists 1h ago 0 comments

Can a regex match valid card numbers? (abstractnonsense.xyz)

2 points by subset 1h ago 1 comments

Evolution of the ELF object file format (maskray.me)

2 points by fanf2 1h ago 0 comments

Tempo Launch Announcement: The Blockchain Designed for Payments (tempo.xyz)

2 points by lsferreira42 1h ago 0 comments

Memory Safety in ProcASM (temware.site)

2 points by Temdog007 1h ago 0 comments

Samhenrigold/LidAngleSensor: MacBook Screen Angle Sensor Reader (github.com)

2 points by rcarmo 1h ago 1 comments

Visualizing the Vocabulary of an LLM (alessiodevoto.github.io)

2 points by vinhnx 1h ago 0 comments

Burger King security issues DMCA-ed and taken down (infosec.exchange)

2 points by vintagedave 1h ago 1 comments

2025 AI Darwin Award Nominees – Worst AI Failures of the Year (aidarwinawards.org)

2 points by rcarmo 1h ago 0 comments

GPT-5 Thinking in ChatGPT (a.k.a. Research Goblin) is shockingly good at search (simonwillison.net)

5 points by thunderbong 1h ago 0 comments

I hacked India's GST portal–11.8M taxpayers exposed; enabling stock manipulation (aseem-shrey.medium.com)

4 points by LuD1161 1h ago 1 comments

Things you can do with a debugger but not with print debugging (mahesh-hegde.github.io)

1 points by never_inline 1h ago 0 comments

ECJ strengthens data protection: Pseudonymization alone is not always enough (heise.de)

2 points by moritzruth 1h ago 0 comments

From quantum foundations via natural language meaning to a theory of everything (arxiv.org)

1 points by hackandthink 1h ago 0 comments

An Interview with William Deresiewicz (therepublicofletters.substack.com)

2 points by Michelangelo11 1h ago 0 comments

Simulating Human-to-Human Dialogue Using Azure AI (github.com)

2 points by misternintendo 1h ago 0 comments

DDNS Support for WireGuard (github.com)

1 points by fernvenue 1h ago 0 comments

Trump, XRP, and Sol Options Signal a Potential Year-End Altcoin Season (coindesk.com)

1 points by PaulHoule 1h ago 0 comments

The soldier, his robots and their global tour (bbc.com)

1 points by cmsefton 1h ago 0 comments

Musical puzzle made by Julian Assange for university quest (wondrousnet.blogspot.com)

1 points by Nothing33 2h ago 0 comments

OLMoASR: A series of open speech recognition models (with open datasets) (allenai.org)

2 points by maxloh 2h ago 0 comments

Show HN: Integration Security Top 10: An OWASP-style framework

1 leo1452 0 9/7/2025, 6:46:18 AM github.com ↗
The Salesloft–Drift breach (more context - https://news.ycombinator.com/item?id=45106340) this August showed how one weak integration can ripple across 700+ orgs (Cloudflare, Palo Alto, Zscaler, etc.). Attackers stole tokens from a single app and used them like skeleton keys to exfiltrate Salesforce, Google Workspace, and Slack data.

Looking around, I found no clear framework or set of controls to track and improve integration security.

So, I’ve published the Integration Security Top 10 (ISF) and open-sourced it on GitHub. It’s modeled after the OWASP Top 10: short, memorable, and focused on the most critical risks in SaaS-to-SaaS and API integrations. Each item also has an actionable “playbook” to help move theory into practice.

The goal is to help orgs prevent the sorry situation that we saw unfold at so many supposedly "secure" companies over the last few weeks. I'm doing this by creating a clear set of controls that orgs can look at and use like a checklist to fix integration security issues.

Comments (0)

No comments yet