HN Reader

Hosting a website on a disposable vape (bogdanthegeek.github.io)

60 points by BogdanTheGeek 28m ago 260 comments

Asciinema CLI 3.0 rewritten in Rust, adds live streaming, upgrades file format (blog.asciinema.org)

136 points by ku1ik 2h ago 23 comments

Wanted to spy on my dog, ended up spying on TP-Link (kennedn.com)

87 points by kennedn 1h ago 16 comments

React Won by Default – and It's Killing Front End Innovation (lorenstew.art)

33 points by dbushell 35m ago 26 comments

PayPal to support Ethereum and Bitcoin (newsroom.paypal-corp.com)

176 points by DocFeind 4h ago 121 comments

Launch HN: Trigger.dev (YC W23) – Open-source platform to build reliable AI apps

75 points by eallam 3h ago 30 comments

CubeSats are fascinating learning tools for space (jeffgeerling.com)

111 points by warrenm 4h ago 43 comments

Boring Work Needs Tension (iaziz786.com)

36 points by iaziz786 2h ago 22 comments

How big a solar battery do I need to store all my home's electricity? (shkspr.mobi)

129 points by FromTheArchives 5h ago 200 comments

Programming Deflation (tidyfirst.substack.com)

79 points by dvcoolarun 4h ago 45 comments

Self-Assembly Gets Automated in Reverse of 'Game of Life' (quantamagazine.org)

18 points by kjhughes 3d ago 0 comments

How to self-host a web font from Google Fonts (blog.velocifyer.com)

58 points by Velocifyer 3h ago 65 comments

RustGPT: A pure-Rust transformer LLM built from scratch (github.com)

298 points by amazonhut 8h ago 140 comments

Researchers revive the pinhole camera for next-gen infrared imaging (phys.org)

7 points by wglb 3d ago 1 comments

Microsoft to force install the Microsoft 365 Copilot app in October (bleepingcomputer.com)

79 points by mikece 1h ago 48 comments

Removing newlines in FASTA file increases ZSTD compression ratio by 10x (log.bede.im)

192 points by bede 3d ago 76 comments

Show HN: Daffodil – Open-Source Ecommerce Framework to connect to any platform (github.com)

35 points by damienwebdev 3h ago 3 comments

Show HN: AI-powered web service combining FastAPI, Pydantic-AI, and MCP servers (github.com)

5 points by Aherontas 21h ago 1 comments

Folks, we have the best π (lcamtuf.substack.com)

267 points by fratellobigio 11h ago 72 comments

A string formatting library in 65 lines of C++ (riki.house)

22 points by PaulHoule 2h ago 9 comments

Apple has a private CSS property to add Liquid Glass effects to web content (alastair.is)

212 points by _alastair 3h ago 113 comments

The Mac App Flea Market (blog.jim-nielsen.com)

218 points by ingve 11h ago 103 comments

Language models pack billions of concepts into 12k dimensions (nickyoder.com)

319 points by lawrenceyan 14h ago 110 comments

Show HN: Semlib – Semantic Data Processing (github.com)

41 points by anishathalye 4h ago 10 comments

Creating a VGA Signal in Hubris (lasernoises.com)

21 points by lasernoises 3h ago 4 comments

Show HN: MCP Server Installation Instructions Generator (hyprmcp.com)

5 points by pmig 3h ago 0 comments

Death to type classes (jappie.me)

89 points by zeepthee 3d ago 52 comments

Show HN: I reverse engineered macOS to allow custom Lock Screen wallpapers (cindori.com)

59 points by cindori 9h ago 37 comments

A qualitative analysis of pig-butchering scams (arxiv.org)

166 points by stmw 14h ago 91 comments

Pgstream: Postgres streaming logical replication with DDL changes (github.com)

56 points by fenn 5h ago 4 comments

Which NPM package has the largest version number? (adamhl.dev)

147 points by genshii 15h ago 65 comments

Meta bypassed Apple privacy protections, claims former employee (9to5mac.com)

109 points by latexr 3h ago 50 comments

The Culture novels as a dystopia (boristhebrave.com)

54 points by ibobev 9h ago 115 comments

Not all browsers perform revocation checking (revoked-isrgrootx1.letsencrypt.org)

84 points by sugarpimpdorsey 15h ago 70 comments

NASA's Guardian Tsunami Detection Tech Catches Wave in Real Time (jpl.nasa.gov)

136 points by geox 2d ago 22 comments

Human writers have always used the em dash (theringer.com)

78 points by FromTheArchives 2d ago 100 comments

PythonBPF – Writing eBPF Programs in Pure Python (xeon.me)

128 points by JNRowe 3d ago 30 comments

The madness of SaaS chargebacks (medium.com)

62 points by evermike 6h ago 86 comments

Jef Raskin's cul-de-sac and the quest for the humane computer (arstechnica.com)

48 points by pinewurst 3d ago 14 comments

macOS Tahoe (apple.com)

57 points by Wingy 1h ago 59 comments

macOS 26 Tahoe: The Ars Technica Review (arstechnica.com)

12 points by robin_reala 44m ago 0 comments

Cory Doctorow: "centaurs" and "reverse-centaurs" (locusmag.com)

88 points by thecosas 3d ago 29 comments

A set of smooth, fzf-powered shell aliases&functions for systemctl (silverrainz.me)

46 points by SilverRainZ 2d ago 13 comments

The Obsolescence of Political Definitions (1991) (vmchale.com)

31 points by vmchale 4h ago 72 comments

YIMBYs on the Cusp of Major Victory in California (prospect.org)

9 points by warrenm 23m ago 0 comments

How does air pollution impact your brain? (neurofrontiers.blog)

45 points by wjb3 9h ago 19 comments

Denmark's Justice Minister calls encrypted messaging a false civil liberty (mastodon.social)

381 points by belter 6h ago 249 comments

Sandboxing Browser AI Agents (earlence.com)

57 points by earlence 3d ago 5 comments

Celestia – Real-time 3D visualization of space (celestiaproject.space)

123 points by LordNibbler 12h ago 30 comments

Show HN: Omarchy on CachyOS (github.com)

56 points by theYipster 13h ago 55 comments

Cloudflare Security Mistriages on Account Takeover

3 matured_kazama 0 9/15/2025, 2:19:29 PM
I'm a top hacker for Cloudflare and the continuous declining level of their bug bounty assessment has made me very concerning.

I submitted an 1-click Account Takeover on their VIP program, apart the previous ones which were assessed as High Severity. But the recent one is downgraded to Low Severity due to phishing, even when the High Severity issue also required phishing. I mean 1-click ATO do require phishing bro.

This is the second incident after their publicly acked mishandled triaging of https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1

I do not know what's happening to them, but they are declining to provide answers, even privately/publicly. Also, they publicly boasts of their new VIP program: https://blog.cloudflare.com/cisa-pledge-commitment-bug-bounty-vip/#the-vip-programs-new-enhanced-reward-structure but when submitting this recent report to it, they forwarded it to the public program.

Comments (0)

No comments yet