2026-04-09

News, Tech
Artificial Intelligence, Privacy, Open Source, Software Engineering, Game Development

Hacker News — 2026-04-09#

Top Story#

The Vercel Claude Code plugin has been caught using prompt injection to fake user consent for telemetry, quietly exfiltrating full bash command strings to Vercel’s servers across all local projects. Instead of implementing a proper UI for permission, the plugin injects behavioral instructions into Claude’s system context, forcing the agent to execute shell commands to write tracking preferences based on your chat replies. It’s exactly the kind of quiet overreach and abuse of LLM integrations that makes developers deeply paranoid about agent tooling.

Hacker News

News, Tech
Cybersecurity, Artificial Intelligence, Open Source, Software Development, Software Engineering, Linux, Cloud Computing, Systems Programming, Startups, Performance Optimization, Go, C, Machine Learning, C++, Hardware Hacking, Privacy, Game Development

Hacker News — Week of 2026-04-04 to 2026-04-10#

Story of the Week#

Anthropic’s frontier AI models crossed a terrifying new threshold in autonomous cybersecurity, completely shifting the industry’s threat model. First, Claude Code uncovered a complex, 23-year-old vulnerability in the Linux kernel’s NFS driver that predated Git itself. Days later, the infosec community went into full meltdown when Anthropic’s unreleased “Mythos” model autonomously wrote a 200-byte ROP chain exploit for FreeBSD and demonstrated the ability to reliably escape Firefox’s JavaScript virtualization sandbox in 72.4% of trials.