Tim Huckle

I see some weird things but this takes the biscuit. A vulnerability in the Companies House website, that let anyone view the private dashboard of any one of the five million registered companies, see directors' personal details. And modify them.

@EvanCull @MartinSLewis how does that explain people seeing different customer's transactions each time they log in. One example being a customer saw 7 different customer details. More like a CDN cache misconfiguration resulting in API calls being cached; or a fault with in-memory cache such as Redis?

@MartinSLewis it's a digital ID index mix up, meaning you're seeing the data of someone elses digital ID because the lookup table is linking to the wrong record.

Do you use the Lloyds, Bank of Scotland or Halifax apps? People have been messsaging me this morning of being shown other peoples transactions. I want to see how widespread this is. Has it happened to you. If so a) What are you seeing? Which app. b) If it is someone elses transactions does it give any of their details too (name, account number etc)?

Junior and mid-level engineers can no longer push AI-assisted code without a senior signing off at AWS

we're making @blocks smaller today. here's my note to the company. #### today we're making one of the hardest decisions in the history of our company: we're reducing our organization by nearly half, from over 10,000 people to just under 6,000. that means over 4,000 of you are being asked to leave or entering into consultation. i'll be straight about what's happening, why, and what it means for everyone. first off, if you're one of the people affected, you'll receive your salary for 20 weeks + 1 week per year of tenure, equity vested through the end of may, 6 months of health care, your corporate devices, and $5,000 to put toward whatever you need to help you in this transition (if you’re outside the U.S. you’ll receive similar support but exact details are going to vary based on local requirements). i want you to know that before anything else. everyone will be notified today, whether you're being asked to leave, entering consultation, or asked to stay. we're not making this decision because we're in trouble. our business is strong. gross profit continues to grow, we continue to serve more and more customers, and profitability is improving. but something has changed. we're already seeing that the intelligence tools we’re creating and using, paired with smaller and flatter teams, are enabling a new way of working which fundamentally changes what it means to build and run a company. and that's accelerating rapidly. i had two options: cut gradually over months or years as this shift plays out, or be honest about where we are and act on it now. i chose the latter. repeated rounds of cuts are destructive to morale, to focus, and to the trust that customers and shareholders place in our ability to lead. i'd rather take a hard, clear action now and build from a position we believe in than manage a slow reduction of people toward the same outcome. a smaller company also gives us the space to grow our business the right way, on our own terms, instead of constantly reacting to market pressures. a decision at this scale carries risk. but so does standing still. we've done a full review to determine the roles and people we require to reliably grow the business from here, and we've pressure-tested those decisions from multiple angles. i accept that we may have gotten some of them wrong, and we've built in flexibility to account for that, and do the right thing for our customers. we're not going to just disappear people from slack and email and pretend they were never here. communication channels will stay open through thursday evening (pacific) so everyone can say goodbye properly, and share whatever you wish. i'll also be hosting a live video session to thank everyone at 3:35pm pacific. i know doing it this way might feel awkward. i'd rather it feel awkward and human than efficient and cold. to those of you leaving…i’m grateful for you, and i’m sorry to put you through this. you built what this company is today. that's a fact that i'll honor forever. this decision is not a reflection of what you contributed. you will be a great contributor to any organization going forward. to those staying…i made this decision, and i'll own it. what i'm asking of you is to build with me. we're going to build this company with intelligence at the core of everything we do. how we work, how we create, how we serve our customers. our customers will feel this shift too, and we're going to help them navigate it: towards a future where they can build their own features directly, composed of our capabilities and served through our interfaces. that's what i'm focused on now. expect a note from me tomorrow. jack

the cybersecurity industry is about to get completely disrupted.. 💀 someone just open-sourced a fully autonomous AI Red Team. it’s called PentAGI. multiple AI agents that talk to each other to hack a target. zero human input.

Over 1,300 Stripe pull requests merged each week are completely minion-produced, human-reviewed, but contain no human-written code (up from 1,000 last week). How we built minions: stripe.dev/blog/minions-s….

Seeing AWS Route53 issues right now impacting DNS lookups. #aws #route53

@mzaian Yes. DNS lookups dropping completely

Anyone noticing aws route53 issues at the moment?

@AWSSupport @mzaian There are most definitely Route53 issues at the moment, I suggest you take another look.

@mzaian Hi! There are currently no issues being reported on our end, you can check out our Health Dashboard for our latest updates: go.aws/aws-hd. ^AK

@Apple @OpenAI how did this get on to TestFlight ?

Introducing Agent Device: token‑efficient iOS & Android automation for AI agents 𝚗𝚙𝚡 𝚊𝚐𝚎𝚗𝚝-𝚍𝚎𝚟𝚒𝚌𝚎

@mikefutia Leads

This Google Maps Lead Gen Agent is absolutely insane 🤯 Enter a keyword, city, & state → get back names, phone numbers, emails, websites, & reviews. All inside Google Antigravity + Claude Code. Perfect for agencies and lead gen operators who need prospecting data without paying insane SaaS fees. Here's the problem: You're manually searching Google Maps. Clicking through listings one by one, copy-pasting phone numbers into a spreadsheet. It takes hours to build a decent lead list. This scraper solves it: → Enter your keyword (plumber, dentist, realtor, etc.) → Pick your city and state → Set the number of results you want → Hit search and let Apify do the scraping → Save leads you like to a bookmark list No manual searching, no copy-pasting, no paying $200/month for a lead gen tool. What you get: - Full search results with business info - Bookmark feature to save your best leads - Search history to track past scrapes - Option to host it on Replit so your team can use it Built 100% with Claude Code & Antigravity. I recorded a full walkthrough showing exactly how I built this from scratch, plus all the prompts I used. Want all the prompts I used for Claude Code so you can build it yourself? > Like this post > Comment "LEADS" And I'll send it over (must be following so I can DM)

2.67 years of AI progress

This has been said a thousand times before, but allow me to add my own voice: the era of humans writing code is over. Disturbing for those of us who identify as SWEs, but no less true. That's not to say SWEs don't have work to do, but writing syntax directly is not it.

Our CFO asked me to "audit" our software subscriptions last week. He sent me a spreadsheet with 200 rows. Slack, Zoom, Jira, Notion, Trello, Monday, Tuesday, Wednesday. He wanted me to survey the team to see which tools were essential. I told him: "Surveys are for people who care about feelings. I care about OpEx." I deleted the spreadsheet. Instead, I logged into the corporate Amex portal and reported the card as lost. Every single auto-renewal in the company failed instantly. I call this "The Scream Test." It’s simple Darwinian procurement. If a tool goes down and nobody runs to my desk screaming within 4 hours? We didn't need it. The Marketing team was at my door in 10 minutes begging for Adobe. We renewed it. The Sales team was crying about the CRM in 20 minutes. We renewed it. But here’s the interesting part. The HR department’s "Employee Wellness & Engagement Portal" ($12,000/year) has been down for six days. Not a single person has noticed. I didn't just save money. I quantified the exact value of our corporate culture. It is zero. Stop auditing. Start unplugging. If it’s important, they’ll scream. If they don't scream, it’s just noise.

We found that the fix to address the DoS vulnerability in React Server Components (CVE-2025-55184) was incomplete and does not prevent an attack in a specific case. This is disclosed as CVE-2025-67779. New patches are available now, please update immediately.

@LogicalLarry @LimitlessAI Not forgetting the email that informs their users of the change fails to notify them that perhaps the real motivation for the change is their acquisition by $meta.

Well @LimitlessAI, I LOVED this pendant product/service but these new Terms & Privacy changes are a HARD no. ~ You shifted liability onto users ~ Dropped HIPAA alignment ~ Cracked the door wide open to third-party data sharing That’s not innovation, that’s a risk dump and a data/privacy nightmare @dsiroker I wish this wasn't the case. I'm deleting my account

Sergey Brin in founder mode actually saved Google. He had a big tiff inside Google, because Gemini wasn’t allowed to be used for coding. He told Sundar, “I can’t deal with these people. You have to deal with this.” Big companies always build bureaucracy. Sergey (and Larry) still have super voting power, and he used it to cut through the BS. Suddenly Google is moving like a startup again. Their AI went from “way behind” to “easily #1” across domains in a year.

@danwms1983 I sent in a FOI request to HMRC asking for more info, will let you know if I get anything relevant back.

#AWS Is there any explanation anywhere why Gov.uk, HMRC and national rail amongst other UK companies are using us-east-1 and not a UK region?

@dragonf81443571 Querying their namesevers as listed at nominet using their IP addresses during the outage to confirm they were up but not resolving for Vodafone.co.uk; other lookups on these severs were fine. “10 years” is based on last NS update reported at nominet.

@timhuckle Source?

Vodafone DNS is coming back online. The outage perhaps demonstrates why secondary name servers should exist out-of-zone. Sure they’ve ran like this for more than 10 years by the looks; but I think there’s a better way. #vodafone #down #vodafoneoutage