Hi friends,

Greetings from the hive!

Opening with this powerful tweet:

It's taken me a long time to fully lean into this and the results have been transformational.

Let's take this week by swarm!

🐝 The Bee's Knees

  • Finding Critical Bugs in Adobe Experience Manager. Security researchers at Assetnote discovered multiple critical vulnerabilities in Adobe Experience Manager (AEM), including dispatcher bypasses, SSRF, XXE, and expression language injection that could expose sensitive configuration data. MORE

  • Andrej Karpathy explains why AI agents will take a decade to mature, not just a year, due to fundamental limitations in current LLMs like poor continual learning and cognitive gaps. He argues we're building "digital ghosts" through internet imitation rather than true intelligence, while discussing the challenges of deploying AI safely at scale. MORE

  • Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office. Security researchers Sam Curry and Shubs Shah discovered a critical vulnerability in ClubWPT Gold's back office system that exposed customer data including driver's licenses, passport numbers, and financial transactions. MORE

  • Hustle culture lied to you (here’s a better way). Matt cut his work schedule from 50+ hours to 25 hours weekly by embracing "slow productivity" - focusing on fewer projects, working at a natural pace, and obsessing over quality instead of hustle culture's endless grind. The counterintuitive result: his best work yet while reclaiming time for health and family, proving that sustainable success comes from intentional focus rather than burnout-inducing volume. MORE

  • Andrej Karpathy's nanochat is a complete ChatGPT clone you can train from scratch for just $100 on an 8-GPU node in 4 hours. The minimal, hackable codebase includes everything from tokenization to web serving, producing a 1.9B parameter model that outperforms GPT-2. MORE | REPO

STANDARD EDITION

Brought to you by →

Hive Five membership

Unlock exclusive benefits… and transform your skills, network, and results. Join our premium community for unparalleled access to resources, support, and exclusive content designed to help you achieve your goals faster.

What you’re missing:

  • Private Discord Community: Connect with like-minded individuals, share your journey, and receive support in our exclusive Discord server.

  • Complete Hive Archive: Access a vast library of resources, tools, videos, and audio – everything you need to succeed.

  • Bonus Content & Deep Discounts: Gain access to exclusive content designed to boost your effectiveness, plus significant discounts on paid resources.

  • Less Time, More Results: Spend less time searching and more time achieving your goals.

Join members that are already experiencing the difference.

Interested in sponsoring the Hive Five? Secure your spot.


📰 Updates

🚨 News

  • Executive Offense is hosting a free 4-hour workshop on December 8th covering modern horizontal recon techniques for pentesters and red teamers. Learn new tools and methods for identifying acquisitions, domains, subdomains, and infrastructure in offensive security projects. MORE

  • Google DeepMind's new CodeMender AI agent automatically finds and fixes software security vulnerabilities, having already patched 72 security flaws in major open-source projects. The AI can both reactively patch new bugs and proactively rewrite code to prevent entire classes of vulnerabilities from occurring. MORE

  • Major evolution of Apple Security Bounty, with the industry's top awards for the most advanced research. MORE

  • Anthropic launched Claude Skills, a simple way to give AI models new abilities using just Markdown files and scripts in folders. Unlike complex protocols like MCP, Skills let you create powerful AI agents by dropping instructions into files - making specialized tasks like data journalism or Slack GIF creation incredibly easy to build and share. MORE

✅ Changelog

  • Raycast just launched a custom keyboard for iOS that lets you access AI commands, snippets, quick links, and dictation without switching between apps. The keyboard includes tabs for recent actions, AI assistance with context awareness, and multi-language dictation that works better than iOS's built-in version. MORE

  • Anthropic launched Claude Haiku 4.5, delivering Claude Sonnet 4's coding performance at one-third the cost and twice the speed. The new model excels at real-time tasks like chat assistants and pair programming while being their safest AI model yet. MORE

💼 Work

💰 Career

  • Josh Cirre, DevRel at Laravel, shares how he landed his dream job by "pretending" to have the role before getting it - creating videos and content outside work hours that demonstrated the skills companies needed. He explains why going above and beyond your job description, finding where future employers hang out online, and sacrificing Netflix time for skill-building can accelerate your career trajectory. MORE

  • Two entrepreneurs who trained 100+ companies on AI implementation share their biggest discoveries: AI works as a "great equalizing force" that lets small businesses compete like large ones, but success requires documenting business processes first. The real transformation isn't just operational efficiency - it's that business owners finally understand their companies at a fundamental level through the lens of systematic processes. MORE

  • Developer Relations (DevRel) jobs are surging to all-time highs after being declared "dead" just a year ago, with companies like Anthropic offering $460K salaries for DevRel roles. The comeback is driven by renewed focus on bottom-up developer adoption, where being "reliably good at Twitter" and organizing IRL events has become a viable path to landing these coveted positions. MORE

  • Daniel Debow shares his "Helpful Hierarchy" framework for early-stage employees, showing how to progress from simply reporting problems to proactively solving them. The key is reaching Level 5: identifying issues, researching solutions, implementing fixes, and then updating your boss on what you've already handled. MORE

🚀 Productivity

  • Developer saw Shopify CEO Tobi Lütke's tweet about Chrome focusing existing tabs instead of creating duplicates, then actually built and shipped the feature into Chromium. The --focus command now lets you jump to matching tabs or create new ones, reducing memory usage and tab chaos for developers. MORE

  • Peter Steinberger shares his no-nonsense approach to AI-powered development, using GPT-5-codex to write 100% of his code across multiple projects. He advocates for simple, direct communication with AI agents rather than complex workflows, running 3-8 parallel agents that handle everything from commits to refactoring automatically. MORE

  • Podcast Magic lets you screenshot Spotify or Apple Podcasts when you hear something interesting, then email it to get an AI-generated clip and transcript back in under a minute. It's the easiest way to save and share those "aha moments" from your favorite podcasts without interrupting your listening flow. MORE

  • Notion's co-founders demo their new AI agents that can create databases, search the web, and handle complex tasks through simple chat commands. The agents use context from your entire workspace and can be personalized or shared as custom agents across teams, eliminating tedious manual work. MORE

🌎 Community

🎉 Celebrate

  • Security researcher Victor Poucheret, @Blaklis_ and Snorlhax scored Epic Games' largest-ever bug bounty of $130,000 and won the Most Valuable Hacker award at a live hacking event. The trio's collaboration netted them both the record payout and championship recognition for their impressive vulnerability discoveries. MORE

  • @TechEmiiily and @0xtavian got married. Congrats again!

  • ArtSec made his secondary goal of 20k for the year. MORE

  • Tavis Ormandy left Google after nearly 20 years. He'll be working on independent research for the foreseeable future. MORE

Level up

📰 Read

  • This profile explores how Josh Kushner built Thrive Capital from a $5M fund into a $25B venture powerhouse through prescient bets on Instagram, Stripe, and OpenAI. The piece reveals how his Holocaust survivor grandparents' story shaped his investment philosophy and his pivotal role in the OpenAI leadership crisis. MORE

  • Building the Leading Open-Source Pentesting Agent: Architecture Lessons from XBOW Benchmark. MORE

  • CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code. The flaw exploits AI code suggestions to extract sensitive proprietary code, posing major risks to enterprise security. MORE

  • A Story About Bypassing Air Canada's In-flight Network Restrictions. The clever hack exploited the fact that free "texting-only" service still allowed DNS queries, enabling full internet access without payment. MORE

  • LayerX researchers discovered "CometJacking," a critical vulnerability in Perplexity's Comet AI browser that lets attackers steal sensitive data through a single malicious link. The attack hijacks the AI assistant to exfiltrate emails, calendars, and connected app data by embedding hidden commands in URLs that bypass security protections through simple encoding tricks. MORE

💡 Tips

  • URL schemes to directly open specific macOS System Settings panels, from Apple ID and Wi-Fi to Privacy & Security sections. Perfect for developers, power users, and IT admins who need quick programmatic access to system preferences in macOS 15 Sequoia. MORE

  • Google Chrome has completely removed the flag that allowed legacy extensions like uBlock Origin to work, marking the final phase of their Manifest V3 transition. Users are scrambling to find workarounds or switching to Firefox and other browsers that still support full ad-blocking capabilities. MORE

  • "Always stick to what makes you weird, odd, strange, different. That’s your source of power." MORE

  • Rhys praised v0 for successfully creating a natural language grocery list app that opens in Amazon Fresh in just 3 prompts, while other AI coding tools failed. The thread highlights v0's built-in AI gateway integration and effectiveness for rapid prototyping compared to competitors like Bolt and Lovable. MORE

  • Petr Nikolaev solved AI agent distraction by adding a prompt that triggers Raycast confetti whenever responses complete. The clever hack uses a simple deeplink command to provide visual feedback when long-running AI tasks finish. MORE

🧠 Wisdom

  • Sarah Chieng and Matt Palmer share battle-tested strategies for creating developer videos that actually engage audiences, focusing on value over promotion. They reveal five key rules including earning attention upfront, adding genuine educational value, and being authentically interesting rather than following generic viral trends. MORE

  • Ryo Lu argues that software should offer simple defaults while keeping advanced features accessible, criticizing the "we know better than you" mentality that treats users like babies. He believes transparent systems create power users who become creators and build communities, using Cursor as an example of a tool that lets users chat simply or dive deep into code. MORE

  • All digital media is converging into one format: endless streams of short-form video that prioritize flow over substance. This shift from discrete content to continuous "television" is making society lonelier, less thoughtful, and more focused on spectacle than meaningful engagement. MORE

  • How to be a writer on a marketing team without sounding like a jerk. The key is putting yourself in the reader's shoes and asking "how would I explain this to my best friend over coffee?" MORE

  • Bashbunni shares practical strategies for coding without AI assistance, including using editor tools, documentation resources like DevDocs, and man pages. The video emphasizes building fundamental problem-solving skills while strategically using AI only for research and code review rather than feature implementation. MORE

📚 Resources

  • The CL4R1T4S GitHub repository exposes leaked system prompts from major AI companies like OpenAI, Google, Anthropic, and xAI, revealing the hidden instructions that shape how chatbots behave. This transparency project aims to show users what ethical frameworks and restrictions are secretly built into AI systems they interact with daily. MORE

  • How to create an infinite money cheat for Cyberpunk 2077 using Cheat Engine to locate and modify the game's memory addresses. MORE

  • Clever SQLite injection technique uses CREATE VIEW with backticks to execute shell commands and create files on IoT devices. This method is more compact and versatile than traditional ATTACH DATABASE approaches, making it ideal for payload size constraints. MORE

  • Security researchers discovered a critical SSRF vulnerability (CVE-2025-57822) in Next.js middleware that lets attackers control HTTP requests and steal sensitive data. The flaw affected over 5,000 domains and was caused by developers incorrectly passing user headers to NextResponse.next(). MORE

  • The Critical Thinking Bug Bounty Podcast's research lab publishes detailed technical writeups and vulnerability disclosures to help security professionals advance their skills. Featured research includes innovative techniques like "Nested Response Splitting" for CSP bypass, libmagic file detection inconsistencies, and HTML-based XSS filter evasion methods. MORE

💭 Quote

"And now that you do not have to be perfect, you can be good."

John Steinbeck
