Hi friends,
Greetings from the hive!
Every year I try to shed weight. Physically, mentally, and emotionally.
Clean out my closet. Get rid of old clothes.
Simple is best, but not easy.
It takes work. Trial and error.
The result is the accumulation of iterations.
What are you still holding on to that you should let go of?
Let's take this week by swarm!
The Bee's Knees
Top 10 Web Hacking Techniques of 2025. PortSwigger's annual community-powered list highlights the most innovative web security research, from error-based SSTI techniques to ORM leaks and XS-Leaks. Side-channels emerged as a core exploitation primitive this year. MORE
Code is Cheap. Show Me the Talk. Software development as we knew it is over. LLM coding tools have fundamentally changed the game, making good articulation and engineering skills more valuable than syntax knowledge. MORE
My AI Adoption Journey. Mitchell Hashimoto shares a measured, practical approach to adopting AI tools through six phases, from dropping chatbots to always having an agent running. Includes tips on "harness engineering" to prevent agent mistakes. MORE
Oracle E-Business Suite Pre-Auth RCE Chain (CVE-2025-61882). WatchTowr walks through the exploit chain being actively used against Oracle EBS, combining SSRF, CRLF injection, auth bypass, and XSLT for pre-auth remote code execution. MORE
Discovering Negative-Days with LLM Workflows. Security patches are public before CVEs are assigned, and attackers are already monitoring for them. SpaceRaccoon built a GitHub Action to detect security patches in open-source repos before (or if ever) a CVE is published. MORE
STANDARD EDITION
Brought to you by
Hive Five membership
Unlock exclusive benefits… and transform your skills, network, and results. Join our premium community for unparalleled access to resources, support, and exclusive content designed to help you achieve your goals faster.
What you're missing:
Private Discord Community: Connect with like-minded individuals, share your journey, and receive support in our exclusive Discord server.
Complete Hive Archive: Access a vast library of resources, tools, videos, and audio - everything you need to succeed.
Bonus Content & Deep Discounts: Gain access to exclusive content designed to boost your effectiveness, plus significant discounts on paid resources.
Less Time, More Results: Spend less time searching and more time achieving your goals.
Join members that are already experiencing the difference.
Interested in sponsoring the Hive Five? Secure your spot.
Discover
From the Hive
You're probably familiar with Shadow IT and now Shadow AI. I recently wrote about Shadow CX. Companies are unknowingly deploying multiple AI agents across departments, leading to contradictory answers for customers. This erodes trust when marketing's chatbot conflicts with support's bot. Unlike past "shadow IT" issues, this Shadow CX crisis scales rapidly and impacts churn rates rather than budgets. MORE
News
Backseat Software. A thoughtful critique of how apps have shifted from tools we operate to channels that operate on us. Nudges, surveys, and engagement metrics have eroded trust and public life. MORE
One-click RCE on Clawdbot in Under 2 Hours. Ethiack's AI pentester Hackian autonomously found an account takeover to RCE vulnerability in the popular AI assistant control plane through websocket token leakage and CSRF. MORE
The Cloud Agent Thesis. Most AI coding tools run locally, but cloud-based agents offer persistent context and parallel execution. The gap between code assistants and autonomous agents is narrowing fast. MORE
Google Looker Vulnerabilities Enable RCE. Tenable discovered novel vulnerabilities in Google Looker that could allow authenticated attackers to achieve remote code execution and internal network access. MORE
Ticket Tricking OpenSSL.org with Google Groups. The Google Groups Ticket Trick vector is alive and well, allowing SpaceRaccoon to briefly verify an openssl.org domain through a clever Google Groups exploit. MORE
Community
ProjectDiscovery OSS Bounty Program. The team behind Nuclei launches a bounty program rewarding bug fixes, performance improvements, and feature implementations across their open-source security tools. MORE
Vouch: Community Trust Management System. Mitchell Hashimoto releases a system for managing contributor trust through explicit vouches, designed to filter AI-generated low-quality contributions in open source projects. MORE
Semgrep Skills for AI Coding Agents. A collection of skills for AI coding agents covering OWASP Top 10, infrastructure security, and secure coding practices across 15+ languages. MORE
Live Hacking 2025: $4.3M in Bounties. HackerOne's recap of live hacking events from 2025 shows the security researcher community earned millions testing real organizations around the world. MORE
Ask HN: Who is Hiring? (February 2026). The monthly Hacker News hiring thread featuring remote and on-site opportunities in tech, security, and engineering. MORE
Follow
@taylorotwell - Laravel creator. Ship or die.
@svpino - Computer scientist teaching hard-core AI/ML Engineering.
@TatianaTMac - Tech Misanthropologist, Engineer, OSS maintainer.
@Krevetk0Valeriy - Security enthusiast and bug bounty hunter at HackerOne and Bugcrowd.
@J0_mart - Sharing is knowledge.
Explore
The Open Source Design Stack. A curated collection of open source design tools for building modern interfaces without expensive proprietary software. MORE
Standard.site: One Schema, Every Platform. A new project building agent-friendly documentation for AT Protocol, creating standardized formats for long-form platforms. MORE
Corrupting the Hive Mind: Windows Persistence. Praetorian explores persistence through forgotten Windows registry internals, demonstrating techniques to overwrite and modify valid binary registry hives. MORE
CVE-2026-23993: JWT Authentication Bypass in HarbourJwt. A JWT bypass vulnerability found in an obscure programming language called Harbour. The fun part? The author didn't even know the language existed when finding the bug. MORE
French Kubernetes Cluster Hunts Webhook Endpoints. GreyNoise documents an unusual webhook scanning campaign originating from a full Kubernetes cluster rather than throwaway VPS instances. MORE
Build
Try
Introducing the Codex App. OpenAI releases a new macOS app for their Codex coding agent. Simon Willison shares his hands-on experience with the tool. MORE
Nite IZE DoohicKey Multi Tool. A compact stainless steel keychain multi-tool for everyday carry tasks. MORE
You Should Be Using Tailscale. A practical walkthrough of setting up Tailscale for secure networking across devices, with DNS settings and Zed editor integration. MORE
Announcing msgvault. Wes McKinney releases a lightning-fast private email archive and search system with terminal UI and MCP server, powered by DuckDB. MORE
Travel blogger Tynan has released his highly anticipated yearly minimalist gear recommendations. This year, he features a new custom ultralight down jacket, a folding projector, and a portable monitor that fits in a 20-liter backpack. His annual gear post highlights the best lightweight technology and clothing for digital nomads who prioritize functionality over weight. MORE
Ship
How We Built 'Claudie,' Our AI Project Manager. A full walkthrough of building an AI project manager, from someone who wouldn't have called herself technical just weeks ago. MORE
Anyone Can Cook: v0 Brings Git Workflows to Vibe-Coding. Vercel CEO Guillermo Rauch demonstrates how v0 evolved from prototyping tool to bringing proper git workflows to casual builders. MORE
How PM Uses MCPs for Meeting Prep and CRM. Reid Robinson, Principal AI Product Strategist at Zapier, shares how Model Context Protocols automate his meeting prep, CRM updates, and customer feedback synthesis. MORE
How to Create and Publish Skills. A workshop covering what skills are, how to build them, and how to take your AI agents to the next level. MORE
Ideas Over Implementation. Boz reminds us that people get attached to specific concepts rather than outcomes. Focus on the result, not the particular path to get there. MORE
Advance
Alice Hunsberger shares a comprehensive list of Trust & Safety and AI safety resources including newsletters, free courses, and professional organizations. The collection covers everything from fraud prevention to responsible AI development, making it a valuable bookmark for security professionals. MORE
AI Enablement Engineer @ Cognition. Cognition is hiring for AI enablement roles to help shape the future of autonomous software development. MORE
The Unexpected Skill for a $200K DevOps Career. Beyond technical chops, soft skills and communication often determine who advances in DevOps. MORE
How to Actually Grow Your Business in 2026. A systems-based approach to business growth that focuses on sustainable methods over quick hacks. MORE
"I waste so much time chasing people." This article introduces a simple "10-second anti-ghosting rule" to combat workplace communication delays that waste time and create stress. The author recommends replying within 48 hours even without a complete answer, using phrases like "not yet" or "still waiting on input" to build trust and prevent the anxiety that comes from being left hanging. MORE
Quote
"You don't have to be brilliant, only a little bit wiser than the other guys, on average, for a long, long time."
Grow
The Cost of Convenience: Exploring how an obsession with efficiency impacts our connections and sense of self.
The "Missing Middle": A critical look at the funding structures leaving essential open-source contributors behind.
AI Philosophy: A deep dive into the importance of diverse perspectives in the future of artificial intelligence.
Workflow Secrets: Exclusive walkthroughs of advanced AI dashboards and masterclasses on professional craftsmanship.
Technical Culture: Exploring the legacy of the industry's most prestigious underground publications and hacking history.
