Show HN: Zaxy v1.0
3 by syndicalt | 0 comments on Hacker News.
Hack Nux
Watch the number of websites being hacked today, one by one on a page, increasing in real time.
New ask Hacker News story: Tell HN: Meta's AI support feature allows Instagram accounts to be stolen
Tell HN: Meta's AI support feature allows Instagram accounts to be stolen
9 by parable | 2 comments on Hacker News.
If the AI support option is enabled for your Instagram account (it appears to be A/B tested for only a percentage of accounts), anyone can hijack it with little effort. Simply get on a proxy or VPN close to the account's region, then ask the agent to send a code to an arbitrary email address. Once you receive the code, pass it forward to the agent, and it'll provide you with a password reset link which you can then use to sign into the account. Posting here for any Meta employees who may be reading. This flaw has been around for at least a few days and has been used to hijack over 100 high-value Instagram accounts. The correct patch would be to disable the AI support feature entirely for the time being until this is sorted and revert accounts and usernames that have been hijacked over the last few days. This is a pretty important flaw and it's currently being exploited in blackhat circles. The steps above are public knowledge in these circles and can be found trivially on Telegram. Edit: I wouldn't be surprised if this was never acknowledged by Meta. Several months ago in February, there was an exploit that allowed anyone to view the email address and phone number on file for any Instagram account. No acknowledgement from Meta. IMO they should've filed an SEC 8-K for an issue like that.
9 by parable | 2 comments on Hacker News.
If the AI support option is enabled for your Instagram account (it appears to be A/B tested for only a percentage of accounts), anyone can hijack it with little effort. Simply get on a proxy or VPN close to the account's region, then ask the agent to send a code to an arbitrary email address. Once you receive the code, pass it forward to the agent, and it'll provide you with a password reset link which you can then use to sign into the account. Posting here for any Meta employees who may be reading. This flaw has been around for at least a few days and has been used to hijack over 100 high-value Instagram accounts. The correct patch would be to disable the AI support feature entirely for the time being until this is sorted and revert accounts and usernames that have been hijacked over the last few days. This is a pretty important flaw and it's currently being exploited in blackhat circles. The steps above are public knowledge in these circles and can be found trivially on Telegram. Edit: I wouldn't be surprised if this was never acknowledged by Meta. Several months ago in February, there was an exploit that allowed anyone to view the email address and phone number on file for any Instagram account. No acknowledgement from Meta. IMO they should've filed an SEC 8-K for an issue like that.
New Show Hacker News story: Show HN: Open Envelope – an open schema for defining AI agent teams
Show HN: Open Envelope – an open schema for defining AI agent teams
9 by ashconway | 0 comments on Hacker News.
Built an open JSON Schema for defining AI agent teams. Multi-agent systems are becoming a real deployment pattern — not single assistants, but teams with roles, handoffs, and human checkpoints. But there's no shared way to define one that travels across frameworks. Every implementation is scattered, locked to whichever tool you picked first. Built the schema to fix that. The schema lives at schema.openenvelope.org and is registered in SchemaStore, so if you drop a .envelope.json file in VS Code you get autocomplete and validation without installing anything. It's also on npm as @openenvelope/schema if you want to validate programmatically. The spec covers: agent definitions (role, prompt, model, access policy), supervisor/sub-agent hierarchy, human-in-the-loop gates, pipelines, schedules, and secrets/variables that get injected at deploy time. Access policies let you declare exactly which hosts each agent can call — the runtime enforces this at the network level, not in the prompt. The goal is a portable definition format — define a team once, any compatible runtime can execute it. Similar to how Dockerfiles describe a container without being tied to a specific host. There's a managed runtime at openenvelope.org but the schema is Apache 2.0 and anyone can implement it. Happy to answer questions on any part of the spec — especially interested in feedback from people who've built multi-agent systems and have opinions on what's missing.
9 by ashconway | 0 comments on Hacker News.
Built an open JSON Schema for defining AI agent teams. Multi-agent systems are becoming a real deployment pattern — not single assistants, but teams with roles, handoffs, and human checkpoints. But there's no shared way to define one that travels across frameworks. Every implementation is scattered, locked to whichever tool you picked first. Built the schema to fix that. The schema lives at schema.openenvelope.org and is registered in SchemaStore, so if you drop a .envelope.json file in VS Code you get autocomplete and validation without installing anything. It's also on npm as @openenvelope/schema if you want to validate programmatically. The spec covers: agent definitions (role, prompt, model, access policy), supervisor/sub-agent hierarchy, human-in-the-loop gates, pipelines, schedules, and secrets/variables that get injected at deploy time. Access policies let you declare exactly which hosts each agent can call — the runtime enforces this at the network level, not in the prompt. The goal is a portable definition format — define a team once, any compatible runtime can execute it. Similar to how Dockerfiles describe a container without being tied to a specific host. There's a managed runtime at openenvelope.org but the schema is Apache 2.0 and anyone can implement it. Happy to answer questions on any part of the spec — especially interested in feedback from people who've built multi-agent systems and have opinions on what's missing.
New Show Hacker News story: Show HN: leaf – one month later: website, releases and lots of improvements
Show HN: leaf – one month later: website, releases and lots of improvements
2 by RivoLink | 0 comments on Hacker News.
Hi HN, About a month ago, I shared leaf here while it was still in its early stages. Since then, the project has shipped multiple releases, with UX improvements, bug fixes, and a documentation website now available. leaf is a terminal-based Markdown reader focused on a GUI-like experience, with navigation, search, table of contents, clickable links, syntax highlighting, editor integration, LaTeX rendering, Mermaid diagrams, and more. It works on Linux, macOS, Windows, and Termux. GitHub: https://ift.tt/vXTaGQm Thanks to all contributors and everyone who starred the project for their support, and feedback on UX, performance with large files, and missing features is still very welcome.
2 by RivoLink | 0 comments on Hacker News.
Hi HN, About a month ago, I shared leaf here while it was still in its early stages. Since then, the project has shipped multiple releases, with UX improvements, bug fixes, and a documentation website now available. leaf is a terminal-based Markdown reader focused on a GUI-like experience, with navigation, search, table of contents, clickable links, syntax highlighting, editor integration, LaTeX rendering, Mermaid diagrams, and more. It works on Linux, macOS, Windows, and Termux. GitHub: https://ift.tt/vXTaGQm Thanks to all contributors and everyone who starred the project for their support, and feedback on UX, performance with large files, and missing features is still very welcome.
New ask Hacker News story: Ask HN: How is your org managing PR review load as AI multiplies code output?
Ask HN: How is your org managing PR review load as AI multiplies code output?
3 by meteor333 | 0 comments on Hacker News.
We are facing flooding and surge in PRs across the teams. AI reviewer tools are good, but not exactly helping in efficiency. Almost all developers are experiencing velocity gains in programming but it's not resulting into eventual productivity or velocity in roadmap. How are you or your org dealing with all this?
3 by meteor333 | 0 comments on Hacker News.
We are facing flooding and surge in PRs across the teams. AI reviewer tools are good, but not exactly helping in efficiency. Almost all developers are experiencing velocity gains in programming but it's not resulting into eventual productivity or velocity in roadmap. How are you or your org dealing with all this?