
AI Voice Fraud Needs Three Seconds of Your Voice
Voice cloning now requires just 3 seconds of audio to impersonate someone. With $893M in reported losses, detection has failed - here's what might actually work.
40 articles

CISA added the first AI agent building platform to its Known Exploited Vulnerabilities catalog. What the Langflow IDOR vulnerability means for agent security and how to check if you're exposed.

Voice cloning now requires just 3 seconds of audio to impersonate someone. With $893M in reported losses, detection has failed - here's what might actually work.

Days after getting caught uploading entire codebases to xAI servers, Grok Build is now open source on GitHub. The HN community isn't convinced it's enough.

Security researchers disclosed a Cursor vulnerability that auto-executes malicious git.exe files from repos - after waiting 7 months with no fix. Here's what developers need to know.

Open-source tool gives Claude Code, Codex, and other agents their own isolated Linux VM on your machine - network firewall included, no cloud account required.

A use-after-free bug in the Linux kernel's real-time mutex implementation has existed since 2011. Researchers earned $92,337 from Google's kernelCTF for discovering and exploiting it.

A security researcher intercepted Grok Build's network traffic and found it uploads entire repositories - including .env files with secrets - to xAI servers. Here's what the data shows.

A new experimental technology encodes messages in video using motion-based steganography, exploiting how AI models process video as individual frames rather than continuous motion.

Security researchers discovered a prompt injection vulnerability in GitHub's Agentic Workflows that allows attackers to extract private repository contents through public issues.

Someone found an obfuscated bash script on a Uniqlo x Akamai t-shirt and decoded it. Here's what they found - and what HN thinks about whether it was AI-generated.

Flipper Devices announces their firmware hit 1.0 stability and outlines a new community contribution model - while HN debates whether 'done' software is actually a good thing.

A developer reverse-engineered Claude Code and found hidden markers that classify users by timezone, domain, and API keywords - using unicode apostrophe swaps and date format changes.

Semgrep's security research team benchmarked LLMs on IDOR vulnerability detection. The open-weight GLM 5.2 beat Claude Code by 7 points at roughly one-sixth the cost.
Showing 12 of 39 articles

New tutorials, open-source projects, and deep dives on coding agents - delivered weekly.
Explore 736 topics
Browse All Topics