Feed aggregator

Fake CAPTCHA pages instruct victims to paste malicious commands in the Windows Terminal instead of the Run dialog.

The post ClickFix Attack Uses Windows Terminal to Evade Detection appeared first on SecurityWeek.

Article URL: https://floweasy.dev

Comments URL: https://news.ycombinator.com/item?id=47308148

Points: 1

# Comments: 0

Article URL: https://pyrefly.org/blog/pandas-type-completeness/

Comments URL: https://news.ycombinator.com/item?id=47308131

Points: 1

# Comments: 0

Article URL: https://github.com/mazrean/dockportless

Comments URL: https://news.ycombinator.com/item?id=47308129

Points: 1

# Comments: 0

Article URL: https://medicalxpress.com/news/2026-03-teenagers-late-2000s.html

Comments URL: https://news.ycombinator.com/item?id=47308109

Points: 1

# Comments: 0

I got frustrated that every time an AI agent restarts it forgets everything. So I spent six months building a fix.

Synrix is a local-first memory engine for AI agents. It uses a Binary Lattice structure instead of vectors — fixed-size nodes with prefix-semantic addressing. Lookups are O(k) where k is the number of results, not the size of the dataset. The demo that convinced me this was worth sharing: I told GPT-4 my name, that I like pugs and Ferraris, and a few facts about my project. Restarted the session completely.

The side without Synrix forgot everything. The side with Synrix recalled every single detail instantly. No retraining. No embeddings. No API call. Just prefix lookup in microseconds. Real numbers from my machine. Direct node lookup 19μs. Prefix queries over 10k nodes 28-80μs. Full agent context restored from cold start under 1ms. WAL recovery tested across 60 crash scenarios with zero data loss. Validated on Jetson Orin Nano at 192ns hot reads.

It runs entirely in-process. No server, no network, no GPU. Works on a factory floor, underground, on a robot that just lost power. Honest positioning: this is not a vector database replacement. For fuzzy similarity search over unstructured documents Qdrant and Chroma are the right tools. Synrix is specifically for structured agent memory where you control the naming — user preferences, learned facts, session context, task state. You know what you're looking for. Curious whether anyone has hit this problem in production and how you're currently solving it.

github.com/RYJOX-Technologies/Synrix-Memory-Engine

Comments URL: https://news.ycombinator.com/item?id=47308108

Points: 1

# Comments: 0

Article URL: https://www.washingtonpost.com/business/2026/03/09/cargo-theft-ai-chips-data-centers/

Comments URL: https://news.ycombinator.com/item?id=47308106

Points: 1

# Comments: 0

Article URL: https://www.soeren-hentzschel.at/firefox/exklusiv-so-sieht-das-neue-nova-design-von-firefox-aus/

Comments URL: https://news.ycombinator.com/item?id=47308094

Points: 1

# Comments: 0

Article URL: https://asteriskmag.com/issues/13/language-birth

Comments URL: https://news.ycombinator.com/item?id=47308087

Points: 1

# Comments: 0

https://forge.foxtrotcommunications.net/

I've been a data engineer for years and one thing drove me crazy: every time we integrated a new API, someone had to manually write SQL to flatten the JSON into tables. LATERAL FLATTEN for Snowflake, UNNEST for BigQuery, EXPLODE for Databricks — same logic, different syntax, written from scratch every time.

Forge takes an OpenAPI spec (or any JSON schema) and automatically:

1. Discovers all fields across all nesting levels 2. Generates dbt models that flatten nested JSON into a star schema 3. Compiles for BigQuery, Snowflake, Databricks, AND Redshift from the same metadata 4. Runs incrementally — new fields get added via schema evolution, no rebuilds

The key insight is that JSON-to-table is a compilation problem, not a query problem. If you know the schema, you can generate all the SQL mechanically. Forge is essentially a compiler: schema in, warehouse- specific SQL out.

How it works under the hood:

- An introspection phase scans actual data rows and collects the union of ALL keys (not just one sample record), so sparse/optional fields are always discovered - Each array-of-objects becomes its own child table with a hierarchical index (idx) linking back to the parent — no manual join keys needed - Warehouse adapters translate universal metadata into dialect-specific SQL: BigQuery: UNNEST(JSON_EXTRACT_ARRAY(...)) Snowflake: LATERAL FLATTEN(input => PARSE_JSON(...)) Databricks: LATERAL VIEW EXPLODE(from_json(...)) Redshift: JSON_PARSE + manual extraction - dbt handles incremental loads with on_schema_change='append_new_columns'

The full pipeline: Bellows (synthetic data generation from OpenAPI specs) → BigQuery staging → Forge (model generation + dbt run) → queryable tables + dbt docs. There's also Merlin (AI-powered field enrichment via Gemini) that auto-generates realistic data generators for each field.

I built this because I watched teams spend weeks writing one-off FLATTEN queries that broke the moment an API added a field. Every Snowflake blog post shows you how to parse 3 fields from a known schema — none of them handle schema evolution, arbitrary nesting depth, or cross-warehouse portability.

Try it: https://forge.foxtrotcommunications.net

Happy to answer questions about the architecture, the cross-warehouse compilation approach, or the AI enrichment layer.

Comments URL: https://news.ycombinator.com/item?id=47308072

Points: 2

# Comments: 0

Article URL: https://lists.iana.org/hyperkitty/list/tz@iana.org/thread/P6D36VZSZBUSSTSMZKFXKF4T4IXWN23P/

Comments URL: https://news.ycombinator.com/item?id=47308059

Points: 4

# Comments: 0

Hi HN, I'm Joshua, a teen from Kerala, India.

I built Kairos because I was frustrated that every AI I tested hallucinated on live events. During today's T20 World Cup Final, ChatGPT named the wrong player. Copilot named a different wrong player. Both confidently. Neither had live data.

Kairos solves this differently. Instead of sending raw search results to the LLM and hoping, it runs a verification pass first — cross-checking titles across RSS, DuckDuckGo, and NewsAPI, scoring each result by how many independent sources confirm it, then sorting by confidence before the LLM ever sees the context.

The architecture:

1. Pronoun resolution from ChromaDB conversation history (no API call) 2. Domain classification (6 domains) 3. Query expansion — 1 query becomes 4 targeted searches, pure Python, zero extra API calls 4. Parallel async fetch with timeouts 5. Cross-verification scoring 6. Dynamic thinking budget (0 for sports scores, up to 10k for complex analysis, hard capped) 7. 250 word output limit

Total codebase: ~90KB Model: Gemini 2.5 Flash Cache: ChromaDB Cost: $0

Benchmark on today's T20 Final: Kairos 43/50, Gemini 40/50, Perplexity 38/50, Copilot 26/50, ChatGPT 19/50

ChatGPT and Copilot both hallucinated player names with full confidence. Kairos cited 15 live sources.

GitHub: https://github.com/joshuaveliyath/kairos

Happy to answer technical questions.

Comments URL: https://news.ycombinator.com/item?id=47308049

Points: 1

# Comments: 0

Article URL: https://agelesslinux.org/

Comments URL: https://news.ycombinator.com/item?id=47308039

Points: 1

# Comments: 0

Article URL: https://www.jeremyg.dev/k-shaped-ai-adoption/

Comments URL: https://news.ycombinator.com/item?id=47308037

Points: 1

# Comments: 0

Yankput is a Mac clipboard manager built for developers. The core idea: your clipboard is a security hole and nobody is watching it. The feature that started it all — crypto address swap protection. Malware silently replaces crypto addresses in your clipboard while you're pasting. Yankput detects when a copied address changes before you paste and fires a system alert. It also detects and masks secrets (API keys, GitHub tokens, AWS keys, etc.) and auto-deletes them after 5 minutes. Plus an Incognito mode that pauses recording entirely. On top of that: JSON/XML formatter, Base64 encoder, SHA hash generator, regex tester, and line diff — all operating on whatever's in your clipboard. $14.99 one-time. yankput.app Would love feedback from the HN crowd, especially on the security angle.

Comments URL: https://news.ycombinator.com/item?id=47308032

Points: 1

# Comments: 0

Article URL: https://manticoresearch.com/blog/azure-ai-search-vs-manticore/

Comments URL: https://news.ycombinator.com/item?id=47308027

Points: 1

# Comments: 0

Article URL: https://homewithinnowhere.com/blog/voxel_game/

Comments URL: https://news.ycombinator.com/item?id=47308001

Points: 1

# Comments: 0

Article URL: https://bother.now/orbit?demo=true

Comments URL: https://news.ycombinator.com/item?id=47307998

Points: 1

# Comments: 0

Article URL: https://www.kellton.com/kellton-tech-blog/ceo-guide-data-readiness-ai-scaling-initiatives

Comments URL: https://news.ycombinator.com/item?id=47307993

Points: 2

# Comments: 1

Abusing DNS record management controls, the threat actor hides the location of malicious content via Cloudflare.

The post Internet Infrastructure TLD .arpa Abused in Phishing Attacks appeared first on SecurityWeek.