Feed aggregator

Article URL: https://www.science.org/doi/10.1126/science.adt2760

Comments URL: https://news.ycombinator.com/item?id=47000592

Points: 1

# Comments: 1

If you’ve seen the two stoat siblings serving as official mascots of the Milano Cortina 2026 Winter Olympics, you already know Tina and Milo are irresistible.

Designed by Italian schoolchildren and chosen from more than 1,600 entries in a public poll, the duo has already captured hearts worldwide. So much so that the official 27 cm Tina plush toy on the official Olympics web shop is listed at €40 and currently marked out of stock.

Tina and Milo are in huge demand, and scammers have noticed.

When supply runs out, scam sites rush in

In roughly the past week alone, we’ve identified nearly 20 lookalike domains designed to imitate the official Olympic merchandise store.

These aren’t crude copies thrown together overnight. The sites use the same polished storefront template, complete with promotional videos and background music designed to mirror the official shop.olympics.com experience.

Fake site offering Tina at a huge discount Real Olympic site showing Tina out of stock

The layout and product pages are the same—the only thing that changes is the domain name. At a quick glance, most people wouldn’t notice anything unusual.

Here’s a sample of the domains we’ve been tracking:

2026winterdeals[.]top
olympics-save[.]top
olympics2026[.]top
postolympicsale[.]com
sale-olympics[.]top
shopolympics-eu[.]top
winter0lympicsstore[.]top (note the zero replacing the letter “o”)
winterolympics[.]top
2026olympics[.]shop
olympics-2026[.]shop
olympics-2026[.]top
olympics-eu[.]top
olympics-hot[.]shop
olympics-hot[.]top
olympics-sale[.]shop
olympics-sale[.]top
olympics-top[.]shop
olympics2026[.]store
olympics2026[.]top

Based on telemetry, additional registrations are actively emerging.

Reports show users checking these domains from multiple regions including Ireland, the Czech Republic, the United States, Italy, and China—suggesting this is a global campaign targeting fans worldwide.

Malwarebytes blocks these domains as scams.

Anatomy of a fake Olympic shop

The fake sites are practically identical. Each one loads the same storefront, with the same layout, product pages, and promotional banners.

That’s usually a sign the scammers are using a ready-made template and copying it across multiple domains. One obvious giveaway, however, is the pricing.

On the official store, the Tina plush costs €40 and is currently out of stock. On the fake sites, it suddenly reappears at a hugely discounted price—in one case €20, with banners shouting “UP & SAVE 80%.” When an item is sold out everywhere official and a random .top domain has it for half price, you’re looking at bait.

The goal of these sites typically includes:

• Stealing payment card details entered at checkout
• Harvesting personal information such as names, addresses, and phone numbers
• Sending follow-up phishing emails
• Delivering malware through fake order confirmations or “tracking” links
• Taking your money and shipping nothing at all

The Olympics are a scammer’s playground

This isn’t the first time cybercriminals have piggybacked on Olympic fever. Fake ticket sites proliferated as far back as the Beijing 2008 Games. During Paris 2024, analysts observed significant spikes in Olympics-themed phishing and DDoS activity.

The formula is simple. Take a globally recognized brand, add urgency and emotional appeal (who doesn’t want an adorable stoat plush for their kid?), mix in limited availability, and serve it up on a convincing-looking website. With over 3 billion viewers expected for Milano Cortina, the pool of potential victims is enormous.

Scammers are getting smarter. AI-powered tools now let them generate convincing phishing pages in multiple languages at scale. The days of spotting a scam by its broken images and multiple typos are fading fast.

Protect yourself from Winter Olympics scams

As excitement builds ahead of the Winter Olympics in Milano Cortina, expect scammers to ramp up their efforts across fake shops, fraudulent ticket sites, bogus livestreams, and social media phishing campaigns.

• Buy only from shop.olympics.com. Type the address directly into your browser and bookmark it. Don’t click links from ads or emails.
• Don’t trust extreme discounts. If it’s sold out officially but “50–80% off” elsewhere, it’s likely a scam.
• Check the domain closely. Watch for odd extensions like .top or .shop, extra hyphens, or letter swaps like “winter0lympicsstore.”
• Never enter payment details on unfamiliar sites. If something feels off, leave immediately.
• Use browser protection. Tools like Malwarebytes Browser Guard block known scam sites in real time, for free. Scam Guard can help you check suspicious websites before you buy.

We don’t just report on scams—we help detect them

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

Article URL: https://www.seedance20.site

Comments URL: https://news.ycombinator.com/item?id=47000574

Points: 1

# Comments: 0

Article URL: https://www.reuters.com/legal/litigation/trump-administration-set-revoke-basis-us-climate-regulation-2026-02-12/

Comments URL: https://news.ycombinator.com/item?id=47000564

Points: 2

# Comments: 0

[DISCLAIMER]: This is shared strictly for educational purposes and as a case study for the security community. My goal is to discuss the logic of security response systems, not to target any individual or proprietary data. The Case: I am seeking the community's perspective on a technical disagreement. Who is at fault when a manual proof of a bypass is provided, yet the response logic remains inconsistent? The Timeline & Logic Gap: The Report: I reported a logic flaw in a payments-related sub-domain. It was initially reviewed and marked as "Triaged". The Dismissal: Shortly after, the report was marked as "Closed (Informative)". No technical explanation was provided for why the triage was reversed. The Manual Proof: I provided a manual bypass using an Admin-Token: true header, which resulted in a successful HTTP/2 200 OK response (verified in terminal logs). The Loop: Following this evidence, the report went through a "Triaged-Closed" loop. Despite the manual proof of a 200 OK status, the case remains closed without a patch. Where is the Fault? Is it the Company's fault? For dismissing a manual proof of a 200 OK bypass and relying on automated closure logic instead of verifying the vulnerability's impact. Is it the Researcher's fault? For providing evidence that contradicts the "Informative" status and expecting a technical justification for the closure. The Evidence (Screenshots): Manual Proof (HTTP/2 200 OK Bypass): https://i.ibb.co/kgMjSBBK/Whats-App-Image-2026-02-13-at-1-40-12-PM.jpg Report Status History (The Loop): https://i.ibb.co/5gsLnyJJ/Whats-App-Image-2026-02-13-at-1-43-58-PM.jpg Initial Triage Confirmation: https://i.ibb.co/K3ZCQ48/Whats-App-Image-2026-02-13-at-1-38-17-PM.jpg 48-Hour Notice Email: https://i.ibb.co/Df8GwCH0/Whats-App-Image-2026-02-13-at-1-54-37-PM.jpg Full Communication Logs: https://i.ibb.co/zTbNRFQy/Whats-App-Image-2026-02-13-at-1-38-27-PM.jpg My Question to Developers & Researchers: When a researcher proves a bypass with a 200 OK response, but the company keeps the report "Closed," is this a standard industry practice or a gap in the security response logic? Google VRP

Comments URL: https://news.ycombinator.com/item?id=47000551

Points: 1

# Comments: 0

Article URL: https://openclawskill.net

Comments URL: https://news.ycombinator.com/item?id=47000545

Points: 1

# Comments: 1

I am a developer. I have been building stuff for the last 13 years. One common challenge in all my projects is compressing assets to make them as small as possible. I used to end up using online compressors, but this has a lot of privacy concerns.

So, I finally set down for couple of weeks and built this simple app. I can just drag and drop assets in it and it shrinks them. It currently supports around 25 file types.

I built a lot of iOS apps but this is the first time building a macOS app, so any feedback is welcome.

Comments URL: https://news.ycombinator.com/item?id=47000541

Points: 2

# Comments: 0

Article URL: https://twitter.com/TheDealMakerGuy/status/2021980347752476910

Comments URL: https://news.ycombinator.com/item?id=47000538

Points: 2

# Comments: 2

Article URL: https://github.com/alibaba/zvec

Comments URL: https://news.ycombinator.com/item?id=47000535

Points: 1

# Comments: 0

Article URL: https://goaccess.io/release-notes

Comments URL: https://news.ycombinator.com/item?id=47000269

Points: 1

# Comments: 1

Three of the security defects are high-severity flaws, two of which were found and reported by Google.

The post Chrome 145 Patches 11 Vulnerabilities appeared first on SecurityWeek.

Article URL: http://karpathy.github.io/2026/02/12/microgpt/

Comments URL: https://news.ycombinator.com/item?id=47000263

Points: 1

# Comments: 0

Article URL: https://tomquirk.me/reflecting-on-my-ai-adoption-timeline

Comments URL: https://news.ycombinator.com/item?id=47000256

Points: 1

# Comments: 0

Article URL: https://www.theguardian.com/technology/2026/feb/11/big-ai-job-swap-white-collar-workers-ditching-their-careers

Comments URL: https://news.ycombinator.com/item?id=47000214

Points: 1

# Comments: 0

Article URL: https://bsky.app/profile/thekinsie.com/post/3mep77kgpps2r

Comments URL: https://news.ycombinator.com/item?id=47000210

Points: 1

# Comments: 0

I stopped my CC Max plan a few months ago, but I'm trying it again for fun after seeing their $30 billion series G or whatever.

It just doesn't work. I'm trying to build a simple tool that will let me visualize grid layouts.

It needs to toggle between landscape/portrait, and implement some design strategies so I can see different visualizations of the grid. I asked it to give me a slider to simulate the number of grids.

1st pass, it made something, but it was squished. And toggling between landscape and portrait made it so it squished itself the other way so I couldn't even see anything.

2nd pass, syntax error.

3rd try I ask it to redo everything from scratch. It now has a working slider, but the landscape/portrait is still broken.

4th try, it manages to fix the landscape/portrait issue, but now the issue is that the controls are behind the display so I have to reload the page.

5th try, it manages to fix this issue, but now it is squished again.

6th try, I ask it to try again from scratch. This time it gives me a syntax error.

This is so frustrating.

Comments URL: https://news.ycombinator.com/item?id=47000206

Points: 1

# Comments: 0

Hi HN — I built a small web app that scans a list of tickers across multiple timeframes and flags potential overbought/oversold mean‑reversion setups using a regression-channel Z‑score.

Live MVP: https://zcoreai.onrender.com/

What it does:

Pick tickers + timeframes, then run a scan

Outputs a matrix of signals (simple labels now; “expert” view shows exact values of Z-Score)

Why: I wanted something fast to answer “what’s oversold / overbought right now?” without opening all charts on every timeframes on TradingView.

Notes / current state:

- Early MVP, UI is intentionally minimal

I’d love feedback on:

- Whether the output is understandable/useful

- Which features you’d want next (alerts, presets, exports, etc.)

- Any obvious UX issues or missing pieces for a tool like this

Happy to answer questions and share implementation details if people are interested.

Comments URL: https://news.ycombinator.com/item?id=47000182

Points: 1

# Comments: 1

Article URL: https://github.com/bountyyfi/invisible-prompt-injection

Comments URL: https://news.ycombinator.com/item?id=47000173

Points: 1

# Comments: 0

Article URL: https://howcooked.me/

Comments URL: https://news.ycombinator.com/item?id=47000170

Points: 1

# Comments: 0

Article URL: https://css-doodle.com/

Comments URL: https://news.ycombinator.com/item?id=47000164

Points: 2

# Comments: 0