Feed aggregator
Judge Rules Apple Executive Lied Under Oath, Makes Criminal Contempt Referral
Article URL: https://www.thebignewsletter.com/p/judge-rules-apple-executive-lied
Comments URL: https://news.ycombinator.com/item?id=43856795
Points: 1
# Comments: 0
A mini-hairpin peptide blocks translation termination by a distinct mechanism
Article URL: https://www.nature.com/articles/s41467-025-57659-z
Comments URL: https://news.ycombinator.com/item?id=43856785
Points: 1
# Comments: 0
AGI Is Not a Milestone
Article URL: https://www.aisnakeoil.com/p/agi-is-not-a-milestone
Comments URL: https://news.ycombinator.com/item?id=43856762
Points: 1
# Comments: 1
Reinforcement Learning for Reasoning in LLMs with One Training Example
Article URL: https://arxiv.org/abs/2504.20571
Comments URL: https://news.ycombinator.com/item?id=43856754
Points: 1
# Comments: 0
DrLupo removed from $100k PogChamps Chess event for cheating
Article URL: https://www.dexerto.com/youtube/drlupo-removed-from-100k-pogchamps-chess-tournament-for-cheating-3188473/
Comments URL: https://news.ycombinator.com/item?id=43856752
Points: 1
# Comments: 0
The rise of Cursor: The $300M ARR AI tool that engineers can't stop using
Article URL: https://www.lennysnewsletter.com/p/the-rise-of-cursor-michael-truell
Comments URL: https://news.ycombinator.com/item?id=43856745
Points: 2
# Comments: 0
Freddy the Robot and the Great Debate over AI's Future
Article URL: https://spectrum.ieee.org/freddy-robot-british-ai-winter
Comments URL: https://news.ycombinator.com/item?id=43856720
Points: 1
# Comments: 0
Show HN: I made an AI that generates SVG logos
Article URL: https://vanlogo.co/?may
Comments URL: https://news.ycombinator.com/item?id=43856719
Points: 1
# Comments: 0
SWE-Smith: Scaling Data for Software Engineering Agents
Article URL: https://arxiv.org/abs/2504.21798
Comments URL: https://news.ycombinator.com/item?id=43856679
Points: 1
# Comments: 0
Juno reveals Io's inner structure and volcanic activity; investigates cyclones
Article URL: https://www.nasaspaceflight.com/2025/04/juno-io-jupiter-cyclones/
Comments URL: https://news.ycombinator.com/item?id=43856678
Points: 2
# Comments: 0
Trust Me, I'm Local: Chrome Extensions, MCP, and the Sandbox Escape
Article URL: https://blog.extensiontotal.com/trust-me-im-local-chrome-extensions-mcp-and-the-sandbox-escape-1875a0ee4823
Comments URL: https://news.ycombinator.com/item?id=43856656
Points: 4
# Comments: 0
Apple AirPlay SDK devices at risk of takeover—make sure you update
Researchers found a set of vulnerabilities in Apple’s AirPlay SDK that put billions of users at risk of their devices being taken over.
AirPlay is Apple’s proprietary wireless technology that allows you to stream audio, video, photos, and even mirror your device’s screen from an iPhone, iPad, or Mac to other compatible devices like Apple TV, HomePod, smart TVs, or speakers. It works over Wi-Fi, so you don’t need cables.
Apple added the necessary updates on April 28 to the March 31 update. The update—iOS 18.4 and iPadOS 18.4—was initially issued on March 31, but the additional security fixes were delivered through Rapid Security Responses, or minor patches that Apple incorporated after the initial release. Rapid Security Response (RSR) is a type of software patch delivering security fixes between Apple’s regular, scheduled software updates.
The good news is if you installed the March 31 update, you should be fine. Otherwise, check manually if any updates are available.
To check if you’re using the latest software version, go to Settings > General > Software Update. You want to be on iOS 18.4.1 or iPadOS 18.4.1, so update now if you’re not. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.
- The latest version of macOS is 15.4.1. Learn how to update the software on your Mac and how to allow important background updates.
- The latest version of tvOS is 18.4.1. Learn how to update the software on your Apple TV.
- The latest version of watchOS is 11.4. Learn how to update the software on your Apple Watch.
- The latest version of visionOS is 2.4.1. Learn how to update the software on your Apple Vision Pro.
The AirPlay SDK (Software Development Kit) is a set of programming tools Apple provides to app developers to integrate AirPlay functionality into their apps. Using the AirPlay SDK, developers can add features that allow their apps to stream audio or video content wirelessly to AirPlay-compatible devices. This makes apps “AirPlay-ready” by handling the streaming and control behind the scenes.
Combining vulnerabilities allows an attacker on the local network to potentially take control of devices that support AirPlay—both Apple devices and third-party devices that leverage the AirPlay SDK.
Apple released updates to fix the vulnerabilities on April 29 for members of the Apple MFi Program, who are developers of Apple-compatible accessories or software.
The researchers who found and reported these flaws warn they can be exploited without any user interaction—or with just a single click—to execute remote code. Attackers could also use them for man-in-the-middle interceptions, denial-of-service disruptions, and to bypass access controls and user prompts. On top of that, these vulnerabilities may allow unauthorized access to sensitive data and local files, making them a serious risk that demands immediate attention.
Technical details
In total, the researchers responsibly disclosed 23 vulnerabilities to Apple, leading to 17 CVEs being issued. A complete list and description of these CVEs, as well as specific attack scenarios they enable, can be found on their blog.
The most important vulnerabilities are:
CVE-2025-24252: Successful exploitation of the use-after-free vulnerability could allow a remote attacker to execute arbitrary code. When exploited together with CVE-2025-24206, the attacker is able to perform zero-click remote code execution on other vulnerable AirPlay-enabled devices in the same network, without any user interaction. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.
CVE-2025-24206: Successful exploitation of the vulnerability could allow an attacker to bypass authentication and conduct malicious activities without user interaction when exploited with other vulnerabilities.
CVE-2025-24132: Successful exploitation of the stack-based buffer overflow vulnerability could allow an attacker to perform zero-click remote code execution on vulnerable AirPlay SDK devices and potentially leak sensitive information by eavesdropping.
Note that the attacker does need to be on the same network, but exploitation requires minimal to no interaction from the target.
Possible protective actions
These depend very much on the types of devices you are using, so I will try to give some general guidance and the reasons behind them.
- As we said above, make sure your devices are fully updated
- Use up-to-date and active malware protection
- Disable AirPlay if you’re not using it, or set it to Ask as a minimum
- Disable AirPlay Receiver if it is not in use.
- Be extra careful on public networks. This vulnerability could theoretically spread in airports, offices, hotels, or conferences where many Apple devices are in close proximity. In such cases, avoid using unsecured Wi-Fi.
- Restrict AirPlay settings: Change the Allow AirPlay for to Current User. While this does not prevent all of the issues, it does reduce the protocol’s attack surface.
Show HN: Organize – open-source E2EE app to help you form your own labor union
Hey HN,
I've been working on Organize for a few years now, and I figured May Day/International Workers' Day would be a good time to show it off. I'm here in the comments if you have any questions!
Problem:
According to recent polls, 70% of American workers support unions [1], and 50% say they'd join one if they could [2], but only 10% are actually in one [3]. That translates to 60 million US workers who want to join a union but haven't yet [4].
Solution:
Organize is a self-service guide for workplaces that are too small to attract a full-time organizer. 85% of US firms have less than 20 employees [5], which is often just too small to justify the full attention of a professional organizer.
Inspired by the winning strategies of veteran organizer Jane McAlevey [6], Organize helps you recruit the support of a supermajority of your coworkers, so that you can crush your certification election and win big when you negotiate your first contract.
Tech:
Organize is an MIT-licensed React Native client and Ruby on Rails backend that runs on a Raspberry Pi 5. It has a simple deploy system based on Docker Compose for now, but I'd love to switch to Kamal at some point. PRs welcome!
With the exception of a single unencrypted email per workplace organization (Org), all user-generated text within the app is end-to-end encrypted (E2EE) to minimize the value of a data breach. Each Org has its own group key, created by the Org's founder and shared through the QR membership codes discussed below.
Joining an Org involves scanning the QR membership code of any existing Org member (see [7] for a video). This builds up a web of trust via face-to-face, in-person interaction. However, the QR code really just contains a short-lived JWT and the Org's group key. As such, it's ultimately possible to invite people remotely by crafting your own JWT or sharing a screenshot of your QR code. Still, the "default mode" of in-person scanning encourages a degree of phishing resistance.
Members of every new union must determine what they think is worth fighting for. So Organize has an HN-style discussion tab with upvotes and downvotes to help surface shared grievances and come to a consensus on which demands are most important to each individual Org.
Democratic decision making strengthens unions by building trust between rank-and-file members and their officers. So Organize makes it easy to vote on anything. In addition to yes/no, multiple choice, and N-of-M voting, Organize also helps Org members elect their officers (e.g. president, VP, treasurer, etc). In addition to their real-world responsibilities, elected officers also act as Org admins within the app. For example certain officers can moderate discussions. This is handy since the E2EE makes it impossible for me to act as a moderator.
Lastly, before any new union can become certified by the National Labor Relations Board, its members must affirm that they truly want to be represented by their union for the purpose of collective bargaining. Traditionally this involves dealing with physical index cards or paper petitions and manual data entry. Recently this involves using Google Forms or email (read Gmail) to collect signatures, despite the risk of handing over all this personally identifiable information (PII) to 3rd parties. So Organize makes it easy to sign and collect union cards without giving me any of your PII, thanks to the E2EE.
Links:
- iOS app: https://apps.apple.com/app/organize-modern-labor-unions/id67...
- Android app: https://play.google.com/store/apps/details?id=app.getorganiz...
- "How to Organize" handbook/blog: https://getorganize.app/blog
- Client repo: https://github.com/High5Apps/organize-rn
- Backend repo: https://github.com/High5Apps/organize-backend
Comments URL: https://news.ycombinator.com/item?id=43856655
Points: 1
# Comments: 0
15 Inspirations for Psychonauts w/ Tim Schafer [video]
Article URL: https://www.youtube.com/watch?v=MpiKc_l4wZ4
Comments URL: https://news.ycombinator.com/item?id=43856648
Points: 1
# Comments: 0
Medicine Spares Cancer Patients from Grisly Surgeries and Harsh Therapies
Article URL: https://www.nytimes.com/2025/04/27/health/cancer-immunotherapy-solid-tumors.html
Comments URL: https://news.ycombinator.com/item?id=43856632
Points: 4
# Comments: 1
DeepSeek Running on processor in FPGA – Spoiler its slow but fun
Article URL: https://www.hackster.io/adam-taylor/deepseek-on-the-zuboard-39b6bf
Comments URL: https://news.ycombinator.com/item?id=43856625
Points: 1
# Comments: 0
Spring Cloud Data Flow End of Open-Source
Article URL: https://spring.io/blog/2025/04/21/spring-cloud-data-flow-commercial/
Comments URL: https://news.ycombinator.com/item?id=43856616
Points: 1
# Comments: 0
Preparing for the Worst: Disasterstrikes
Article URL: https://disaster-strikes.com
Comments URL: https://news.ycombinator.com/item?id=43856587
Points: 1
# Comments: 1
Ask HN: Email Client
I'm looking for an email client for my Mac. I find Outlook to be too bloated, here are my requirements: 1) Multiple email address support (Outlook and Gmail accounts), ideally can show all inboxes in one place 2) Calendar 3) Sensible shortcuts - I'm considering learning/slowly dipping in and out of vim so would be open to similar shortcuts 4) Optional: Suggests events based off a message. If someone says let's make a meeting at 14:00-15:00 1/6/25, I don't want it to hyperlink a phone number that is +14001500162025, I want to click once to make the meeting.
I'd rather stick with a client that will last the test of time that I really learn, than a new start up client. I really got into Arc Browser but now there aren't any more updates other than security.
I don't even use email a lot, I'm just a regular student, but find that I want to use Outlook less each time I use it
Comments URL: https://news.ycombinator.com/item?id=43856576
Points: 1
# Comments: 6