Someone cloned 10,000 legitimate GitHub projects, swapped each README for a fake download button, and buried a trojan in the ZIP. The attack looks like your favorite open-source tool. VirusTotal scans the archive URL and returns zero detections.
GitHub took two weeks to reply and a full month to start deleting repos. The researcher’s plea: “There are simply too many repositories.”
In today’s indie hacker news:
- 🛡️ GitHub’s clone-and-trojan epidemic hit 10,000 repos
- 🪞 Instagram’s feed architect built an AI fame checker
- ⚖️ One man’s GDPR complaint cost Elkjop 1.8M euros, five years later
- 🦀 NVIDIA and Hugging Face prove Rust can match Python on the GPU
- 🔑 MCP ships enterprise OAuth: zero per-user prompts
TOP STORIES
CLONE WARS
🛡️ One researcher found 10,000 GitHub repos distributing the same trojan

The story: A researcher named Orchid used GHArchive to filter 16 million commit pushes and found 10,000 repos distributing the SmartLoader/StealC trojan. Not forks: independent accounts cloned projects that were gaining traction, left the source code intact, and replaced the README with shields.io badges pointing to ZIP payloads buried in the directory tree.
The details:
- SmartLoader uses a Polygon blockchain smart contract as a dead-drop C2 resolver, letting operators rotate infrastructure without rebuilding the malware
- 40,000 repos matched the update-frequency heuristic. 25% of those contained malware
- VirusTotal returns 0 detections on archive URLs but catches the trojan when scanning the extracted ZIP itself
- Frequent fake commits keep malicious repos high in GitHub’s “Last Updated” search results, pushing trojans above authentic projects
Why builders care: If your open-source project is gaining stars, someone may be cloning it right now to distribute malware under your name. Add release checksums to your README and warn users to never run ZIPs buried in repo directory trees.
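Two of the defensive checks above (spotting badges that click through to an archive, and verifying a release against a published checksum) as an added example. This is not the researcher's tooling or code from the article; the README text and the archive bytes are constructed, and the extension list is my own choice beyond the ZIPs the campaign used:

```python
"""Flag README badges whose click target is an archive, and verify a release
archive against a published SHA-256. Added example; sample data is constructed."""
import hashlib
import re
from urllib.parse import urlparse

# ZIP is what the campaign used; the rest are other common payload wrappers (my addition).
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".exe", ".msi")

# Markdown "linked image": [![alt](image_url)](click_target)
BADGE_LINK = re.compile(r"\[!\[[^\]]*\]\(([^)\s]+)\)\]\(([^)\s]+)\)")


def find_badge_archive_links(readme_text):
    """Return one dict per badge whose click target ends in an archive extension.

    in_repo_tree is True when the target has no scheme or host, i.e. it is a
    relative path to a file committed somewhere inside the repository itself.
    """
    findings = []
    for image_url, target in BADGE_LINK.findall(readme_text):
        parsed = urlparse(target)
        if not parsed.path.lower().endswith(ARCHIVE_EXT):
            continue
        findings.append({
            "badge": image_url,
            "target": target,
            "in_repo_tree": parsed.scheme == "" and parsed.netloc == "",
        })
    return findings


def verify_release(archive_bytes, expected_sha256):
    """Compare a downloaded archive's SHA-256 with the value published in the README."""
    digest = hashlib.sha256(archive_bytes).hexdigest()
    return hashlib.sha256(archive_bytes).hexdigest() == expected_sha256.lower() and digest == digest


# Constructed sample README: one normal badge, one badge into the repo tree, one external.
SAMPLE_README = """# cooltool (constructed sample README)
[![Build](https://img.shields.io/badge/build-passing-green)](https://github.com/example/cooltool/actions)
[![Download](https://img.shields.io/badge/download-v2.1-blue)](assets/build/cooltool_v2.1.zip)
[![Release](https://img.shields.io/badge/release-latest-orange)](https://cdn.example.invalid/cooltool.zip)
"""

# Constructed stand-in for a release archive and the checksum a maintainer would publish.
GOOD_ARCHIVE = b"PK\x03\x04 constructed placeholder archive bytes"
GOOD_SHA256 = hashlib.sha256(GOOD_ARCHIVE).hexdigest()

if __name__ == "__main__":
    for hit in find_badge_archive_links(SAMPLE_README):
        where = "inside repo tree" if hit["in_repo_tree"] else "external host"
        print(f"suspicious badge -> {hit['target']} ({where})")
    print("checksum ok:", verify_release(GOOD_ARCHIVE, GOOD_SHA256))
    print("tampered ok:", verify_release(GOOD_ARCHIVE + b"x", GOOD_SHA256))
```

The in-repo case is the one the article describes; an external archive link is not proof of anything on its own, but a badge that downloads rather than links to a page is worth a second look. Checksums in the README only help if users actually compare them, so publish the command alongside the hash.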
Turn one English video into 30 languages, in your own voice. ElevenLabs' dubbing studio transcribes your video, translates it, then voices each language in your cloned voice. Built for creators who want a Spanish or Portuguese channel without hiring a VO artist per region. Free tier covers your first few minutes.
We get a cut if you sign up. Only added for tools we use ourselves.
AI KNOWS YOUR NAME
🪞 Instagram’s feed architect built a tool that checks how famous you are inside AI weights

The story: Thomas Dimson, who wrote Instagram’s core ranking algorithms and later co-founded Global Illumination (acquired by OpenAI), built intheweights.com. Type a name and it queries GPT-5.5, Claude, Gemini, Llama, and Qwen3, clusters responses by confidence, and produces a recognition score with a retro pixel-art card. 137 comments on HN, where the privacy debate got heated fast.
The details:
- A public “latest searches” leaderboard linked IP addresses to queried names. Dimson disabled it after HN flagged the de-anonymization risk
- One commenter found deleted MySpace posts from a decade ago still shaping their AI profile
- A user named “mikeryan” was attributed to the Hungerford massacre perpetrator. Another was identified as a murder victim based on partial name match.
- The system is optimized for recall over precision. Hallucinations are expected and acknowledged by the creator.
Why builders care: If you’ve shipped OSS or been active on Twitter, this tells you whether your work ended up in model weights. The leaderboard blunder is a textbook launch-day privacy mistake worth studying before you ship anything that logs user queries publicly.
THE FIVE-YEAR CHECKBOX

The story: Alexander Hanff wrote to Elkjop’s DPO in July 2021 warning that their loyalty club’s consent checkbox was unlawful. Elkjop ignored him. Hanff complained to Sweden’s DPA, which transferred the case to Norway’s Datatilsynet. On June 1, 2026, Datatilsynet fined Elkjop NOK 20 million (about 1.85M euros) for four GDPR violations across 6+ million members in seven countries.
The details:
- The checkbox bundled newsletters, SMS, profiling, analytics, and personalisation into a single accept-or-leave consent
- Customer data was shared with Google’s Customer Match advertising platform without valid legal basis
- All rectification requests were auto-classified as “complex”, triggering 3-month extensions. 75 requests exceeded the 1-month deadline.
- Hanff learned of the final decision from a wiki page, not from the regulator
Why builders care: If your SaaS uses a single consent checkbox for signup, analytics, and marketing, this ruling targets your exact pattern. Separate consent by purpose. Let users opt out without losing the core product.
RUST ON THE GPU
🦀 NVIDIA and Hugging Face built a Rust inference engine that matched vLLM with 0.3% safety overhead

The story: NVIDIA and Hugging Face published cuTile Rust, a GPU kernel system that extends Rust’s borrow checker across the CPU-GPU boundary. Their proof-of-concept, Grout, hit 82.1 tok/s on Qwen3-32B vs vLLM’s 77.5 and SGLang’s 76.5 on an NVIDIA B200.
The details:
- Safe vs unsafe Rust variants perform within 0.3% of each other. Memory safety overhead is effectively zero.
- cuTile Rust achieves 96.4% of cuBLAS GEMM performance on B200
- CUDA graph replay cuts launch overhead to 0.8 microseconds per op vs 7.3 for synchronous launch
- Grout is research software: batch-1 only, Qwen3 only, NVIDIA only
Why builders care: As LLMs generate more GPU code, compiler-enforced memory safety means generated kernels can be verified correct by construction, not tested. This is the strongest evidence yet that Rust can compete with Python+CUDA for ML inference.
ZERO-CLICK TOOL ACCESS
🔑 MCP ships enterprise OAuth: IT admins push tools to entire orgs, zero per-user prompts

The story: MCP published Enterprise-Managed Authorization as a stable extension. Previously every employee authorized each MCP server individually. Now IT admins provision access once through Okta, and users get all servers on first login. Seven providers at launch: Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase.
The details:
- Uses an ID-JAG token grant: the client gets a special token during SSO, exchanges it for MCP server access tokens, bypassing consent screens
- Client support: Anthropic (Claude, Claude Code, Cowork) and Microsoft (VS Code)
- Early enterprise adopters: HubSpot, Ramp, and Webflow
- HN pushback: one commenter warned about scope-creep when per-user consent is removed entirely
Why builders care: If you’re building an MCP server for enterprise customers, EMA is table stakes. Without it, every employee is a manual auth step that kills adoption. With it, your tool gets pushed org-wide on first SSO login, the same way Okta provisions any other SaaS app.
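The two-step token exchange behind EMA, as an added simulation that is not code from MCP, Anthropic or Okta. The grant-type and token-type URNs follow the Identity Assertion Authorization Grant draft as I understand it and should be treated as assumptions; HMAC-signed tokens stand in for the real asymmetric JWTs, and every issuer, audience, key, user and scope below is constructed. The point it shows is where the removed consent screen went: into an admin-owned policy table that the IdP consults, and into audience checks the MCP server's authorization server must enforce.

```python
"""Stdlib-only simulation of the ID-JAG flow: ID token -> JAG -> MCP access token."""
import base64
import hashlib
import hmac
import json
import time

IDP_ISSUER = "https://idp.example.invalid"      # constructed enterprise IdP
MCP_RESOURCE = "https://mcp.example.invalid"    # constructed MCP server resource identifier
CLIENT_ID = "mcp-client"                         # constructed MCP client id (audience of ID tokens)
IDP_KEY = b"constructed-idp-signing-key"         # assumption: shared HMAC key instead of JWKS
MCP_AS_KEY = b"constructed-mcp-as-key"

# URNs as I understand the draft; treat as assumptions.
TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"
ID_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:id_token"
ID_JAG_TYPE = "urn:ietf:params:oauth:token-type:id-jag"

# Admin-provisioned policy: (user, resource) -> scopes. This table replaces the
# per-user consent screen, so it is what to audit and to log changes to.
ADMIN_POLICY = {("alice@example.invalid", MCP_RESOURCE): ["tools:read", "tools:call"]}


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims, key):
    """Compact HS256 JWT (toy stand-in for a real signer)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"


def verify(token, key, issuer, audience, now):
    """Check signature, issuer, audience and expiry; raise ValueError on any failure."""
    header, body, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != issuer or claims.get("aud") != audience or claims.get("exp", 0) <= now:
        raise ValueError("issuer, audience or expiry mismatch")
    return claims


def idp_token_exchange(request, now):
    """Step 1, IdP side: swap the user's ID token for a JAG scoped to one resource."""
    if request.get("grant_type") != TOKEN_EXCHANGE or request.get("requested_token_type") != ID_JAG_TYPE:
        raise ValueError("unsupported grant")
    if request.get("subject_token_type") != ID_TOKEN_TYPE:
        raise ValueError("unsupported subject token type")
    id_claims = verify(request["subject_token"], IDP_KEY, IDP_ISSUER, CLIENT_ID, now)
    scopes = ADMIN_POLICY.get((id_claims["sub"], request["resource"]))
    if scopes is None:
        return {"error": "access_denied"}   # admin never provisioned this user/resource pair
    jag = sign({"iss": IDP_ISSUER, "sub": id_claims["sub"], "aud": request["resource"],
                "scope": " ".join(scopes), "exp": now + 300}, IDP_KEY)
    return {"issued_token_type": ID_JAG_TYPE, "access_token": jag}


def mcp_as_token(request, now):
    """Step 2, MCP server's authorization server: accept the JAG as a jwt-bearer grant."""
    if request.get("grant_type") != JWT_BEARER:
        raise ValueError("unsupported grant")
    # Audience must be this server: a JAG minted for another resource is rejected here.
    jag = verify(request["assertion"], IDP_KEY, IDP_ISSUER, MCP_RESOURCE, now)
    access = sign({"iss": MCP_RESOURCE, "sub": jag["sub"], "aud": MCP_RESOURCE,
                   "scope": jag["scope"], "exp": now + 3600}, MCP_AS_KEY)
    return {"access_token": access, "token_type": "Bearer", "scope": jag["scope"]}


def run_flow(user, resource, now=None):
    """Client side: ID token from SSO -> JAG from the IdP -> access token from the MCP server."""
    now = int(time.time()) if now is None else now
    id_token = sign({"iss": IDP_ISSUER, "sub": user, "aud": CLIENT_ID, "exp": now + 3600}, IDP_KEY)
    step1 = idp_token_exchange({"grant_type": TOKEN_EXCHANGE, "requested_token_type": ID_JAG_TYPE,
                                "subject_token_type": ID_TOKEN_TYPE, "subject_token": id_token,
                                "resource": resource}, now)
    if "error" in step1:
        return step1
    return mcp_as_token({"grant_type": JWT_BEARER, "assertion": step1["access_token"]}, now)


if __name__ == "__main__":
    print(run_flow("alice@example.invalid", MCP_RESOURCE))
    print(run_flow("bob@example.invalid", MCP_RESOURCE))   # not in ADMIN_POLICY
```

The scope-creep concern raised on HN maps directly onto ADMIN_POLICY: once no user sees a prompt, the only brake on what a tool can reach is how narrowly that table is written and who can change it.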
TRENDING TODAY
🏠 Ubiquiti enters the NAS market with ZFS - UniFi ENAS: 3U rackmount, ZFS, ARM Neoverse N2, $3,999 bare. 255 comments on HN debating Ubiquiti’s security track record and whether used enterprise gear at a fraction of the cost makes more sense.
😤 “Everybody wants to sell you” - Cross-posted to r/SaaS and r/microsaas. Founders are sick of YouTube gurus teaching Reddit as a “free client acquisition channel.” The result: fake friendships resolving to sales pitches, “let me help you” DMs, and value posts that are thinly disguised ads. Top comment: “Plot twist, half of us reading this are also the guy trying to sell something.”
🧩 Datasette Apps: Claude Artifacts but database-native - @simonw ships sandboxed HTML+JS applications inside Datasette. Apps execute read-only SQL against host databases, writes only through pre-approved stored queries. Devs paste prompt templates into LLMs to generate app code. Iframe sandbox blocks cookies and localStorage.
DRAMA
SURVIVORSHIP BIAS BINGO
🎭 Founder with 2 exits in 6 years posts key learnings, r/startups debates what’s real - Bootstrapped founder sold two SaaS companies to acquirers with ~$200M revenue each. Commenters initially misread the acquirer’s metrics as the founder’s. (“What. 700 employees?? Calling BS.”) Founder clarified: “we had less than 10.” No acquisition prices shared despite multiple asks. The thread split into two camps: genuine advice worth reading vs. survivorship bias from a sample size of one. The founder says they’re “traumatized” and not building again.
FIRST DOLLAR
STRANGERS ARE PAYING AND IT FEELS WEIRD
💰 Anonymous SaaS builder’s first paying customers arrived after repositioning - Builder on r/SaaS got first unknown paying customers for an AI content creation SaaS after switching from feature-listing to “here is the annoying workflow this replaces.” No revenue figures. No product name. The post’s honesty is the draw: “not life-changing revenue yet” and zero “$50K MRR in 21 days” energy.
FIVE DOLLARS FROM A STRANGER
💸 LaunchShots gets its first donation: $5 - Solo dev built LaunchShots, a free browser-based App Store screenshot generator. No paywall, no signup. Someone donated $5. “I know that sounds tiny, but the project is completely free, so I wasn’t expecting anything at all.” Sometimes validation is $5 and a stranger who thinks your work matters.
STACK OF THE DAY
Locofy - Agentic design-to-code layer between Figma and Cursor/Claude. Converts Figma designs into production-ready frontend code using AI agents. If you’re tired of manually translating mockups into components, this bridges the gap. Free tier available.
Not sponsored. We just feature tools builders would actually use.
BOOKMARKED TODAY
- 📁 .gitignore isn’t the only way to ignore files in Git - 315 HN upvotes. Covers .git/info/exclude, core.excludesFile, and update-index --assume-unchanged. If you’ve been committing your .gitignore workarounds, there are cleaner options.
- 🎓 CS 6120: Advanced Compilers (self-guided) - Cornell’s full compiler course, free and self-paced. 329 HN upvotes, 48 comments. If you want to understand how the code you ship actually runs, this is the course.
- 💸 API cost calculator, born from a $340 surprise invoice - Show HN. Helps developers estimate API costs before shipping. Built because the creator got hit with an unexpected LLM billing surprise.
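The three mechanisms from the .gitignore bookmark, exercised in a throwaway repo as an added example (not from the linked article). The file names and the fake secret are constructed; the per-user excludes file is pointed inside the temp repo's .git directory only so the demo stays sandboxed, whereas in real use core.excludesFile is set with --global:

```shell
#!/bin/sh
# Added example: keep local files out of commits without editing the shared .gitignore.
# Requires git; prints "ok" when none of the three files shows up in git status.
demo_git_ignore_alternatives() {
  command -v git >/dev/null 2>&1 || { echo "skip"; return 0; }
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" config user.email "demo@example.invalid"
  git -C "$repo" config user.name "demo"
  printf 'API_KEY=constructed-placeholder\n' > "$repo/.env.local"   # constructed local secret
  printf 'debug=true\n' > "$repo/scratch.txt"
  printf 'shared=1\n' > "$repo/config.ini"

  # 1. Per-repo and never committed: .git/info/exclude uses .gitignore syntax but stays local.
  printf '.env.local\n' >> "$repo/.git/info/exclude"

  # 2. Per-user across all repos: core.excludesFile (normally set with --global; kept
  #    inside .git here so the sandbox stays self-contained).
  printf 'scratch.txt\n' > "$repo/.git/local-excludes"
  git -C "$repo" config core.excludesFile "$repo/.git/local-excludes"

  # 3. Already-tracked file with local edits you do not want to see: assume-unchanged.
  #    This is a performance hint, not a safety guarantee; git may still overwrite or
  #    stage the file, so it is the weakest of the three for anything secret.
  git -C "$repo" add config.ini
  git -C "$repo" commit -q -m "track config.ini"
  printf 'local=override\n' >> "$repo/config.ini"
  git -C "$repo" update-index --assume-unchanged config.ini

  status=$(git -C "$repo" status --porcelain)
  rm -rf "$repo"
  if [ -z "$status" ]; then echo "ok"; else echo "dirty: $status"; fi
}

demo_git_ignore_alternatives
```

For credentials specifically, prefer the first two: they prevent the file from ever being staged, while assume-unchanged only hides modifications to something already in history.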
Stop trusting random coffee-shop WiFi with your auth tokens. Public WiFi is a free packet sniffer for anyone in earshot of your laptop. NordVPN encrypts the tunnel so a logged-in Vercel session, a GitHub PAT, or a Stripe dashboard tab stays yours. Works on the same 6,400+ exit nodes you'd use for geo-testing.
We get a cut if you sign up. Only added for tools we use ourselves.
Curated by AI, built by a human.