Feed aggregator
Roxy – Local dev proxy with .roxy domains and trusted HTTPS
Article URL: https://github.com/rbas/roxy
Comments URL: https://news.ycombinator.com/item?id=47047086
Points: 2
# Comments: 1
How to Convert Any Recipe for the Air Fryer in Minutes
My Galaxy A17 Review: Samsung's $200 Phone Does It All... Slowly
AI Is Taking Over Social Media, but Only 44% of People Are Confident They Can Spot It, CNET Finds
Man Linked to Phobos Ransomware Arrested in Poland
Polish police said they found evidence of cybercrime on the 47-year-old suspect’s devices.
The post Man Linked to Phobos Ransomware Arrested in Poland appeared first on SecurityWeek.
Update Chrome now: Zero-day bug allows code execution via malicious webpages
Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting.
CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it serious enough to issue a separate update of the stable channel for it, rather than wait for the next major release.
How to update Chrome
The latest version number is 145.0.7632.75/76 for Windows and macOS, and 145.0.7632.75 for Linux. So, if your Chrome is on version 145.0.7632.75 or later, it’s protected from these vulnerabilities.
The easiest way to update is to allow Chrome to update automatically. But you can end up lagging behind if you never close your browser or if something goes wrong, such as an extension preventing the update.
To update manually, click the More menu (three dots), then go to Settings > About Chrome. If an update is available, Chrome will start downloading it. Restart Chrome to complete the update, and you’ll be protected against these vulnerabilities.
Chrome at version 145.0.7632.76 is up to date
You can also find step-by-step instructions in our guide to how to update Chrome on every operating system.
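For anyone checking more than one machine, the version comparison described above can be scripted. The following is an added example, not part of the original article: the inventory format, host names and sample versions are constructed, and only the 145.0.7632.75 threshold comes from the text.

```python
import re

# Minimum fixed build, taken from the article text.
PATCHED = (145, 0, 7632, 75)

# Constructed sample inventory: host, OS, reported Chrome version.
SAMPLE_INVENTORY = """\
ws-001,windows,145.0.7632.76
ws-002,windows,145.0.7632.45
mac-014,macos,144.0.7000.10
lnx-203,linux,145.0.7632.75
ws-077,windows,99.0.4000.1
kiosk-9,linux,unknown
"""

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory, patched=PATCHED):
    """Sort hosts into 'patched', 'vulnerable' and 'unknown' buckets."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _os, raw = (field.strip() for field in line.split(",", 2))
        version = parse_version(raw)
        if version is None:
            # Unparseable version: treat as needing manual follow-up.
            result["unknown"].append(host)
        elif version >= patched:
            # Tuples compare numerically, field by field.
            result["patched"].append(host)
        else:
            result["vulnerable"].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Comparing the versions as integer tuples matters: as plain strings, "99.0.4000.1" sorts after "145.0.7632.75" and an old build would be reported as patched.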
Technical details
Google confirms it has seen active exploitation but is not sharing who is being targeted, how often, or detailed indicators yet.
But we can derive some information from what we know.
The vulnerability is a use‑after‑free issue in Chrome’s CSS font feature handling (CSSFontFeatureValuesMap), which is part of how websites display and style text. More specifically, the root cause is an iterator invalidation bug: Chrome would loop over a set of font feature values while also changing that set, leaving the loop pointing at stale data that an attacker could then turn into code execution.
Use-after-free (UAF) is a type of software vulnerability where a program attempts to access a memory location after it has been freed. That can lead to crashes or, in some cases, lets an attacker run their own code.
The CVE record says, “Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.” (Chromium security severity: High)
This means an attacker would be able to create a special website, or other HTML content, that would run code inside the Chrome browser’s sandbox.
Chrome’s sandbox is like a secure box around each website tab. Even if something inside the tab goes rogue, it should be confined and not able to tamper with the rest of your system. It limits what website code can touch in terms of files, devices, and other apps, so a browser bug ideally only gives an attacker a foothold in that restricted environment, not full control of the machine.
Running arbitrary code inside the sandbox is still dangerous because the attacker effectively “becomes” that browser tab. They can see and modify anything the tab can access. Even without escaping to the operating system, this is enough to steal accounts, plant backdoors in cloud services, or reroute sensitive traffic.
If chained with a vulnerability that allows a process to escape the sandbox, an attacker can move laterally, install malware, or encrypt files, as with any other full system compromise.
How to stay safe
To protect your device against attacks exploiting this vulnerability, you’re strongly advised to update as soon as possible. Here are some more tips to avoid becoming a victim, even before a zero-day is patched:
- Don’t click on unsolicited links in emails, messages, unknown websites, or on social media.
- Enable automatic updates and restart regularly. Many users leave browsers open for days, which delays protection even if the update is downloaded in the background.
- Use an up-to-date, real-time anti-malware solution which includes a web protection component.
Users of other Chromium-based browsers can expect to see a similar update.
The Best Electric Kettles of 2026: Budget, Gooseneck, Stylish and Speedy
BCS Consultancy survey finds demand for datacentres is growing apace, but power constraints and skills shortages are hampering delivery and operations
Banks prepare to discuss a new payments infrastructure that would remove heavy reliance on US firms
Show HN: Data Studio – Open-Source Data Notebooks
Hey HN, I am Alex. I am open sourcing Data Studio, a lightweight data exploration IDE in your browser that runs locally.
Try it: https://local.dataspren.com (no account needed, runs locally)
More information: https://github.com/dataspren-analytics/data-studio
I love working with data (Postgres, SQL, DuckDB, DBT, Iceberg, ...). I always wanted a data exploration tool that runs in my browser and just works. Without any infra or privacy concerns (DuckDB UI came quite close).
Features:
- Data Notebooks
- SQL cells work like DBT models (they materialize to views)
- Use Python functions inside of SQL queries
- Use DB views directly in Python as dataframes
- Transform Excel files with SQL
- You can open .parquet, .csv, .xlsx, .json files nicely formatted
If you like what you see, you can support me with a star on GitHub.
Happy to hear about your feedback <3
Comments URL: https://news.ycombinator.com/item?id=47046647
Points: 1
# Comments: 0
Anthropic and the Government of Rwanda sign MOU for AI in health and education
Article URL: https://www.anthropic.com/news/anthropic-rwanda-mou
Comments URL: https://news.ycombinator.com/item?id=47046640
Points: 1
# Comments: 0
Show HN: Snowflake Emulator in Rust – Test locally without cloud credits
I built a local Snowflake emulator using Rust and DataFusion.
Problem: Snowflake is cloud-only. Testing requires real compute costs.
Solution: A local emulator that's compatible with Snowflake SQL API v2 and the official Go driver.
Supports VARIANT types, JSON functions, LATERAL FLATTEN, window functions, and transactions.
Useful for CI pipelines and local development.
Comments URL: https://news.ycombinator.com/item?id=47046637
Points: 1
# Comments: 0
Show HN: VidClaw – Open-source, self-hosted dashboard for managing OpenClaw
I run an OpenClaw agent named Jimmy. Jimmy handles SEO tracking, content writing, and code tasks for my projects. Managing it all entirely through chat got messy fast.
Thus I built VidClaw. It's a self-hosted dashboard that gives you:
- Kanban board where you drag tasks and the agent picks them up automatically
- Real-time token usage
- Model switching
- Soul editor
- Skills manager
- Activity calendar
The whole thing binds to localhost only — you access it through an SSH tunnel. No accounts, no cloud, no tracking. Your data stays on your machine.
Stack: React + Vite + Tailwind on the frontend, Express on the backend, JSON files for storage (no database). Setup is one script.
I built this for myself, but figured others running autonomous agents might find it useful. Would love feedback on the approach - especially from anyone else managing long-running AI agents.
Comments URL: https://news.ycombinator.com/item?id=47046625
Points: 1
# Comments: 0
Show HN: A hands-on protocol to stop the "Implementation Death Spiral"
I’ve spent years watching IT implementations fail across a variety of environments for the same "un-technical" reasons. Despite having more sophisticated tools and data than ever, the industry still suffers from a persistent "Knowledge Chasm"—a structural gap where the essential logic of a project lives only in the heads of a few "Local Heroes." When these individuals leave or teams rotate, the project logic resets, leading to cost overruns, quality issues, and systemic frustration.
I am developing a Precision Implementation Protocol to institutionalize this "know-how." It synthesizes high-reliability logic from fields like Advanced Construction Management and Systemic Financial Modeling to bridge the gap between intent, execution, and reality.
Hands-on Implementation over Theory
Unlike theoretical frameworks, this is a granular, "hands-on" approach designed for immediate integration into daily activities. It focuses on the specific artifacts and workflows that bridge the gap between a high-level requirement and a physically completed unit of capability. It can be used as a short-term "rescue" for failing projects or as a long-term structural standard to de-risk staff rotations in complex IT environments.
Seeking Feedback: How to Scale and Popularize this Methodology?
I am looking for community feedback on how to turn this from a private methodology into a standard that many can benefit from. I want to move this from "my process" to an "industry utility," but I'm looking for the most meaningful way to get people involved.
My Questions for HN:
* The Scaling Challenge: Is it possible to productize "expert know-how" without losing the precision required for complex IT systems?
* The "Pioneer" Approach: I am considering a community-driven threshold for a full public release—a "Pioneer Program" for practitioners. Is this the right way to build an industry standard, or is there a better way to foster adoption?
* Standardization vs. Intellectual Property: To truly end the "Local Hero" trap, this needs to reach global scale. How would you recommend launching this to ensure maximum benefit for the community while maintaining the integrity of the protocol?
* Strategic Path: I am open to all paths—community-driven growth, enterprise licensing, or even a strategic acquisition by a firm capable of deploying this as a global standard. What path creates the most value for the industry?
Comments URL: https://news.ycombinator.com/item?id=47046624
Points: 1
# Comments: 1
William Latham – Art and the Computer (1990)
Article URL: https://www.youtube.com/watch?v=OwL3dsFBxpE
Comments URL: https://news.ycombinator.com/item?id=47046612
Points: 1
# Comments: 0
Tell HN: Tips for (mostly) free agentic coding setup
Hi
Agentic coding is rapidly changing our ways of developing software. Not everyone can afford a subscription, though, but they shouldn't be excluded from the process of learning these new tools.
Just wanted to share a few tips on running a near-frontier agentic coding setup almost for free.
1. APIs. Most of the agentic coding tools use two types of APIs - OpenAI or Anthropic compatible. OpenAI is much more common, but Anthropic is associated with the Claude Code ecosystem. There are also OSS adapters to convert between the two as needed. Essentially, you need to find providers that serve inference for free.
1. OpenRouter. They always have a few models that are completely free at the expense of storing and using everything you send to them. There are frequent promotional periods after new model releases. You need to top up your account by ~$10, though, to avoid rate limits as they are applied based on your balance. After that, make sure to use Model IDs with the `:free` postfix and your balance will not be consumed; you can use those indefinitely.
2. OpenCode. This is a great agentic harness (albeit it's heavily tuned for larger models), and its parent company also provides inference APIs. Due to its popularity, many LLM providers offer free tiers of their models there. The same caveat applies - your data will be stored and used.
3. Local inference. If you happen to have ~6-8GB VRAM and ~32GB RAM, then you should be able to run staple ~30B-sized MoE models. GLM-4.7-Flash is currently the best one for using inside a harness, it's even capable enough to drive simple tasks in OpenCode, but I recommend simpler harnesses for better results.
4. What to expect. Most of these offerings come with a compromise in terms of data collection and/or inference quality. For example, OpenCode's free Kimi 2.5 is clearly different from the paid one from the official provider. In general - do not trust any claims that compare smaller open weight models with the cloud offering, they are not there yet. However, you can get really far and models like Kimi 2.5 are still very capable.
Thanks!
Comments URL: https://news.ycombinator.com/item?id=47046601
Points: 1
# Comments: 1
The Quintessential Epstein Files Email
Article URL: https://prospect.org/2026/02/17/epstein-files-email-kathy-ruemmler-elizabeth-warren-class-war/
Comments URL: https://news.ycombinator.com/item?id=47046585
Points: 2
# Comments: 0
Codex CLI vs. Claude Code on Autonomy
Article URL: https://blog.nilenso.com/blog/2026/02/12/codex-cli-vs-claude-code-on-autonomy/
Comments URL: https://news.ycombinator.com/item?id=47046580
Points: 1
# Comments: 0
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2008-0015 Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
- CVE-2020-7796 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
- CVE-2024-7694 TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
- CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
