Hacker News — 2026-06-27#
Top Story#
The U.S. government has officially lifted its export block on Anthropic’s Claude Mythos 5, allowing the frontier model to be distributed to over 100 trusted U.S. companies and agencies. This de-escalation follows an intense standoff over concerns that Mythos could be trivially weaponized for zero-day exploitation, a fear initially amplified by the model’s unprecedented, autonomous vulnerability hunting capabilities.
Front Page Highlights#
Anatomy of a Failed (Nation-State?) Attack
A developer narrowly avoided a sophisticated remote-access trojan (PinpinRAT) hidden within a fake TypeScript interview test. The attackers used a combination of malicious patch-package postinstall hooks to inject an obfuscated payload into the compiler, completely hiding their tracks from Git using skip-worktree. It is a sobering look at how targeted and patient supply-chain attacks against developers have become.