This Week In Security: Anthropic, Coinbase, And Oops Hunting

Anthropic has had an eventful couple weeks, and we have two separate write-ups to cover. The first is a vulnerability in the Anthropic MCP Inspector, CVE-2025-49596. We’ve talked a bit about the Model Context Protocol (MCP), the framework that provides a structure for AI agents to discover and make use of software tools. MCP Inspector is an Open Source tool that proxies MCP connections, and provides debugging information for developers.

MCP Inspector is one of those tools that is intended to be run only on secure networks, and doesn’t implement any security or authentication controls. If you can make a network connection to the tool, you can control it, and MCP Inspector has the /sse endpoint, which allows running shell commands as a feature. This would all be fine, so long as everyone using the tool understands that it is not to be exposed to the open Internet. Except there’s another security quirk that intersects with this one: the 0.0.0.0 localhost bypass.

The “0.0.0.0 day exploit” is a bypass in essentially all the modern browsers, where localhost can be accessed on MacOS and Linux machines by making requests to 0.0.0.0. Browsers and security programs already block access to localhost itself, and 127.0.0.1, but this bypass means that websites can either request 0.0.0.0 directly, or rebind a domain name to 0.0.0.0, and then make requests.



Hackaday Links: July 6, 2025

Taking delivery of a new vehicle from a dealership is an emotional mixed bag. On the one hand, you’ve had to endure the sales rep’s hunger to close the deal, the tedious negotiations with the classic “Let me run that by my manager,” and the closer who tries to tack on ridiculous extras like paint sealer and ashtray protection. On the other hand, you’re finally at the end of the process, and now you get to play with the Shiny New Thing in your life while pretending it hasn’t caused your financial ruin. Wouldn’t it be nice to skip all those steps in the run-up and just cut right to the delivery? That’s been Tesla’s pitch for a while now, and they finally made good on the promise with their first self-driving delivery.

Hackaday Podcast Episode 327: A Ploopy Knob, Rube-Goldberg Book Scanner, Hard Drives And Power Grids Oscillating Out Of Control

It’s Independence Day here in the USA, but if you’re not a fan of fireworks and hot dogs, Elliot and Dan’s rundown of the best hacks of the week is certainly something to celebrate. Rest easy, because nothing exploded, not even the pneumatic standing desk that [Matthias] tore into, nor the electroplated 3D prints that [H3NDRIK] took a blowtorch to. We both really loved the Ploopiest knob you’ve ever seen, which would be even Ploopier in anodized aluminum, as well as an automatic book scanner that takes its job very seriously. We looked into the mysteries of the Smith chart, another couple of fantastic student projects out of Cornell, the pros and cons of service loops, and what happened when the lights went out in Spain last Spring. And what does Janet Jackson have against laptops anyway?

 


Last Chance: 2025 Hackaday Supercon Still Wants You!

Good news, procrastinators! Today was going to be the last day to throw your hat in the ring for a slot to talk at Supercon in November, but we’re extending the deadline one more week, until July 10th. We have an almost full schedule, but we’re still missing your talk.

So if the thought of having missed the deadline fills you with regret, here’s your second chance. We have spots for both 40-minute and 20-minute talks still open. We love to have a mix of newcomers as well as longtime Hackaday friends, so don’t be shy.

Supercon is a super fun time, and the crowd is full of energy and excitement for projects of all kinds. There is no better audience to present your feats of hardware derring-do, stories of reverse engineering, or other plans for world domination. Where else will you find such a density of like-minded hackers?

Don’t delay, get your talk proposal in today.

South Korea Brought High-Rise Fire Escape Solutions To The Masses

When a fire breaks out in a high-rise building, conventional wisdom is that stairwells are the only way out. Lifts are verboten in such scenarios, while sheer height typically prevents any other viable route of egress from tall modern buildings. If the stairs are impassable, or you can’t reach them, you’re in dire peril.

In South Korea, though, there’s another option for escape. The answer involves strapping on a harness and descending down ropes hanging off the side of the building, just like in an action movie. It might sound terrifying, but these descending lifeline devices have become a common part of fire safety infrastructure across the country.



C++ Encounters Of The Rusty Zig Kind

There comes a time in any software developer’s life when they look at their achievements, the lines of code written and the programming languages they have relied on, before wondering whether there may be more out there. A programming language and its associated toolchains begin to feel like familiar, well-used tools after you use them for years, but that is no excuse to remain rusted in place.

While some developers like to zigzag from one language and toolset to another, others are more conservative. My own journey took me from a childhood with QuickBasic and VisualBasic to C++ with a bit of Java, PHP, JavaScript, D and others along the way. Although I have now for years focused on C++, I’m currently getting the hang of Ada in particular, both of which tickle my inner developer in different ways.

Although Java and D never quite reached their lofty promises, there are always new languages to investigate, with both Rust and Zig in particular getting a lot of attention these days. Might they be the salvation that was promised to us C-afflicted developers, and do they make you want to zigzag or ferrously oxidize?
