OAuth

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with the company’s handling of security reports. Ammar Askar dropped a proof of concept (PoC) exploit for a Visual Studio Code (VS Code) flaw within just an hour of disclosing it to “an old contact” at the open source platform, according to his account of things. The vulnerability he exposed involves attackers configuring repos, either of their own making or those they have...

Karpathy LLM Wiki pattern integrated into Obsidian agenic workflow

An autonomous AI agent inside your Obsidian vault. You describe a task, it plans, searches, reads, writes, and reports back. Every action is visible.

Show HN: macOS menu bar gauges for your Claude Code quota

Menu bar gauges for your Claude Code quota — one bar per account, like this: (drawn for dark menu bars — white outlines) - Each bar shows the 5-hour-window utilization for one account, colored green / orange (≥70%) / red (≥90%). - When the 5-hour window is fully used, the bar shows a countdown until reset ( 4:28 ) instead of the percentage. When the weekly limit is hit, the bar turns black with a countdown to the weekly reset ( 2D ) — that's the harder cap, whatever the 5-hour window says.

The iPad was on Tailscale: a WebRTC debugging story

If you're not familiar with how p2claw works, it's worth checking out the how it works blog post before diving into this one. I opened one of my p2claw apps on my iPad and got a blank page. The same URL was working on my Mac, my linux box and my phone.

Overlaying Governance: A Compositional Authorization Framework for Delegation and Scope in Agentic AI

Announce Type: new Abstract: As AI systems evolve from passive models into autonomous active agents capable of initiating actions, collaborating, and delegating tasks, the traditional boundaries of software systems blur. Traditional authorization and delegation frameworks, built around fixed principals, explicit requests, and static scopes, are insufficient to govern agentic systems. Agentic AI demands richer authorization semantics: agents must inherit and delegate permissions, act under...

Anthropic's open-source framework for AI-powered vulnerability discovery

A reference implementation for autonomous vulnerability discovery and remediation with Claude, based on our learnings from partnering with security teams at several organizations since launching Claude Mythos Preview. For a write up of these learnings along with best practices, see the accompanying blog post (also available in blog-post.md ). For a lightweight SDK-only walkthrough of the same recon → find → triage → report → patch loop, see the companion cookbook.

Anthropic, please ship an official Claude Desktop for Linux

- Notifications You must be signed in to change notification settings - Fork 21.2k Official Claude Desktop build for Linux (Ubuntu LTS / Debian) #65697 Description Preflight Checklist - I have searched existing requests and this feature hasn't been requested yet - This is a single feature request (not multiple features) Problem Statement Preflight note. The closest open issue is #40347.

1-Click GitHub Token Stealing via a VSCode Bug

Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones. Table of Contents - Background - VSCode Webview Security Model - PoC and Protecting Yourself - What VSCode Did Well - Why Full Disclosure - Timeline Background Did you know GitHub has this really cool feature called github.dev? On any repository you have access to, if you can change the url from github.com to github.dev or you click this little menu...