Romain Gaucher (@rgaucher)'s Twitter Profile

Romain Gaucher
@rgaucher

Security and code, scaling. Research @ Semgrep.

ID: 18391473
Link: http://romain.lol
Joined: 26-12-2008 16:57:14

3.3K Tweets, 1.1K Followers, 795 Following

David Tolnay (@davidtolnay):

If you are running into broken GitHub integrations today, it's because GitHub issuecomment IDs have just passed the maximum value of i32.

For example Rust Language's rfcbot is currently out of commission with an i32 overflow.
mdowd (@mdowd):

Hey, for anyone who wanted to see this slide deck, it was a keynote about the 0day market, but it commented on public research vs saleable products. I have put it here: github.com/mdowd79/presen… // cc chompie Rodrigo Branco

Andrej Karpathy (@karpathy):

📽️ New 4 hour (lol) video lecture on YouTube:
"Let's reproduce GPT-2 (124M)"
youtu.be/l8pRSuU81PU

The video ended up so long because it is... comprehensive: we start with an empty file and end up with a GPT-2 (124M) model:
- first we build the GPT-2 network
- then we optimize
Robert Hansen (@rsnake):

There is rumbling afoot of a series of articles coming that will be targeting and possibly even naming and shaming both CISOs and VCs. Without naming my sources and not that it's important to do so anyway, because the following article does a good job of giving a high level lay

Timothée Chauvin (@timotheechauvin):

Excited to announce my preprint "eyeballvul: a future-proof benchmark for vulnerability detection in the wild". I create a benchmark to evaluate the vulnerability detection capabilities of long-context models on entire codebases, containing over 24,000 vulnerabilities, then
Tavis Ormandy (@taviso):

This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n
Patrick Collison (@patrickc):

Was chatting with a well-known founder yesterday about the "founder mode" discussion. We were both wondering if people would misinterpret it, and undervalue the importance of hiring great leaders. Steve Jobs, the canonical example of "founder mode", was also gifted at

Sean Heelan (@seanhn):

Having seen xbow in action: if you’re making a living from bug bounties, and relying on generic vulnerability classes, I would consider alternative career plans

Nathan Lambert (@natolambert):

New export controls incoming, Bloomberg reporting:
"But if an AI company wants to fine-tune a general-purpose open weight model for a specific purpose, and that process uses a significant amount of computing power, they would need to apply for a US government license to do so in
Charlie Marsh (@charliermarsh):

ty, our upcoming static type checker and language server for Python, is accidentally on the front page of HN.

We're rapidly closing in on an initial "experimental preview release"...
Romain Gaucher (@rgaucher):

We just released our deep look at Claude Code and Codex on real web apps for finding vulns. Some good, some pretty bad! semgrep.dev/blog/2025/find…

Charlie Eriksen (@charlieeriksen):

Ok, so this MUST be the attackers behind Nx at play. I just started analyzing the exfil mechanism through GitHub repos, and wow... This is bad news. We've got a worm on our hands.

Romain Gaucher (@rgaucher):

Anterograde amnesia. Opus 4.1 happily raising a javascript URI XSS vector in the CSS's url() function. Nope. What's next, vbscript: ?

Andrej Karpathy (@karpathy):

Quick new post: Auto-grading decade-old Hacker News discussions with hindsight

I took all the 930 frontpage Hacker News article+discussion of December 2015 and asked the GPT 5.1 Thinking API to do an in-hindsight analysis to identify the most/least prescient comments. This took
Semgrep (@semgrep):

The Node.js sandbox library vm2 has disclosed a critical vulnerability that allows attackers to escape the sandbox and execute arbitrary code. The exploit is public, the CVSS score is 9.8, and any use of vm2 v3.10.1 or earlier should be considered affected. Immediate upgrade is