Everyone in Seattle hates AI
I grabbed lunch with a former Microsoft coworker I’ve always admired—one of those engineers who can take any idea, even a mediocre one, and immediately find the gold in it. I wanted her take on Wanderfugl 🐦, the AI-powered map I’ve been building full-time. I expected encouragement. At worst, overly generous feedback because she knows […]
Lie groups are crucial to some of the most fundamental theories in physics
In mathematics, ubiquitous objects called groups display nearly magical powers. Though they’re defined by just a few rules, groups help illuminate an astonishing range of mysteries. They can tell you which polynomial equations are solvable, for instance, or how atoms are arranged in a crystal. And yet, among all the different kinds of groups, one […]
Ghostty Is Now Non-Profit
Ghostty is now fiscally sponsored by Hack Club, a registered 501(c)(3) non-profit. Fiscal sponsorship is a legal and financial arrangement in which a recognized non-profit extends its tax-exempt status to a project that aligns with its mission. This allows Ghostty to operate as a charitable initiative while Hack Club manages compliance, donations, accounting, and governance […]
Prompt Injection via Poetry
You can get ChatGPT to help you build a nuclear bomb if you simply design the prompt in the form of a poem, according to a new study from researchers in Europe. The study, “Adversarial Poetry as a Universal Single-Turn Jailbreak in Large Language Models (LLMs),” comes from Icaro Lab, a collaboration of researchers at […]
Launch HN: Phind 3 (YC S22) – Every answer is a mini-app
Hi HN, We are launching Phind 3 (https://www.phind.com), an AI answer engine that instantly builds a complete mini-app to answer and visualize your questions in an interactive way. A Phind mini-app appears as a beautiful, interactive webpage — with images, charts, diagrams, maps, and other widgets. Phind 3 doesn’t just present information more beautifully; interacting […]
Reverse engineering a $1B Legal AI tool exposed 100k+ confidential files
Timeline & Responsible Disclosure Initial Contact: Upon discovering this vulnerability on October 27, 2025, I immediately reached out to Filevine’s security team via email. November 4, 2025: Filevine’s security team thanked me for the writeup and confirmed they would review the vulnerability and fix it quickly. November 20, 2025: I followed up to confirm the […]
Rocketable (YC W25) is hiring a founding engineer to automate software companies
You’ve been watching the AI capability curve. You’ve done the mental math. You know where this is going. While most people are still debating whether LLMs can “really” reason, you’re thinking about what happens when agents replace entire functions, when systems can debug themselves, when software can operate without humans touching it. We’re building that […]
Steam Deck lead reveals Valve is funding ARM compatibility of Windows games
For over a decade, Steam company Valve’s biggest goal has been bringing Windows games to Linux. While that goal is almost complete with the massive success of Proton compatibility on Steam Deck and the upcoming Steam Machine, the company has also been secretly pushing to bring Windows games to ARM devices. In an interview with […]
Critical RCE Vulnerabilities in React and Next.js
TL;DR: React and Next.js are vulnerable in default configurations to unauthenticated RCE with no prerequisites. Our exploitation tests show that a standard Next.js application created via create-next-app and built for production is vulnerable without any specific code modifications by the developer. A critical vulnerability has been identified in the React Server Components (RSC) “Flight” protocol, […]
RCE Vulnerability in React and Next.js
A vulnerability affects certain React packages1 for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55182. Fixed in:React: 19.0.1, 19.1.2, 19.2.1Next.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7 The vulnerability also affects experimental canary releases […]