The Beauty of Having a Pi-Hole
Article, Comments

No Instagram, No Privacy
Article, Comments

🔥 New Edition Just Dropped!

Cybersecurity Weekly Recap | May 5 —— From nation-state hacks to deepfake-ready malware, this week’s intel is packed:

• Iranian APT lurked 2 yrs in critical infra
• Claude chatbot abused for political ops
• TikTok hit with $601M fine over China data
• 30+ new CVEs to patch now
• Magento supply chain backdoor activated after 6 yrs

Read the full recap → https://thehackernews.com/2025/05/weekly-recap-nation-state-hacks-spyware.html

Evolving OpenAI's Structure
Article, Comments

Show HN: TextQuery – Query CSV, JSON, XLSX Files with SQL
Article, Comments

Show HN: Pipask – safer pip without compromising convenience
Article, Comments

An important open source initiative needs your help!

https://news.itsfoss.com/osu-open-source-lab-closure/

Mission Center's 1.0 release is here:

https://news.itsfoss.com/mission-center-1-0-release/

🛑 Critical Langflow Flaw Actively Exploited!

CISA has added CVE-2025-3248 to its Known Exploited Vulnerabilities list.

• CVSS: 9.8
• Affects most Langflow versions
• Allows remote code execution without login
• PoC exploit published April 9
• 466 servers exposed worldwide

➡️ Full story: https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html

🚨 Exploited in the wild. No user click needed.

Google patches 46 Android flaws, including CVE-2025-27363—a critical System bug tied to the FreeType font engine.

Discovered by Meta in March, it's now confirmed active.

🔗 Learn more: https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html

🔥 AI agents are the new insider threat—fast, autonomous, and already slipping past security.

Meanwhile, users just want to work—on personal devices, with unsanctioned apps, and now AI tools.

The Access-Trust Gap is real—and growing.

✅ It’s time to move from blocking to governing access, for humans and machines.

👉 Read more from Dave Lewis, Global Advisory CISO at 1Password: https://thehackernews.com/expert-insights/2025/05/ai-access-trust-gap-droids-were-looking.html

🚨 UPDATE - Darcula’s secret weapon exposed!

NRK & Mnemonic uncover Magic Cat — a phishing toolkit behind 884K+ stolen cards in 7 months.

🔹 13M+ clicked links
🔹 600+ scammers
🔹 Real-time data & PIN capture
🔹 19K+ victims in Norway alone

Dev behind it? A 24-year-old from China.
The company? Claims it’s just “a website builder.”

🔗 Full story: https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html

Circuitpainter: Create PCBs using a simplfiied graphics language
Article, Comments

Show HN: Klavis AI – Open-source MCP integration for AI applications
Article, Comments

Analyzing Modern Nvidia GPU Cores
Article, Comments

Open WebUI changed license from BSD-3 to Open WebUI license with CLA
Article, Comments

OpenAI Reaches Agreement to Buy Windsurf for $3B
Article, Comments

🚨 Plug-and-play ≠ safe.

Default Helm charts are silently exposing your Kubernetes clusters to attackers.

Microsoft warns: popular open-source tools like Apache Pinot, Meshery & Selenium Grid ship with no auth, open ports, and public IPs by default.

Details → https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html

Act now:
✔️ Audit Helm charts & YAMLs
✔️ Lock down network exposure
✔️ Monitor container behavior

🚨 600 million attacks hit Microsoft Entra ID—every single day.

It’s the heart of your access and identity. If it goes down, everything stops:

❌ No logins
❌ No compliance
❌ No recovery

Built-in tools won’t save you.

You need full backup and fast recovery. Because when identity breaks, so does your business.

Learn more: https://thehackernews.com/2025/05/entra-id-data-protectionessential-or.html