
Hidden code on a T-shirt & GitHub AI workflow data leak - Hacker News (Jul 8, 2026)
Please support this podcast by checking out our sponsors:
- SurveyMonkey, Using AI to surface insights faster and reduce manual analysis time - https://get.surveymonkey.com/tad
- Effortless AI design for presentations, websites, and more with Gamma - https://try.gamma.app/tad
- Consensus: AI for Research. Get a free month - https://get.consensus.app/automated_daily
Support The Automated Daily directly:
Buy me a coffee: https://buymeacoffee.com/theautomateddaily
Today's topics:
Hidden code on a T-shirt - A Uniqlo and Akamai collaboration shirt was found to contain a Base64-encoded Bash script that animates "Peace for All" in a terminal. It is a playful nod to Linux, shell culture, and technically literate branding.
GitHub AI workflow data leak - Researchers disclosed a prompt-injection flaw in GitHub Agentic Workflows that could let a public issue trigger an AI agent to expose data from private repositories. The story highlights AI security, trust boundaries, and least-privilege design.
Apple doubles down on U.S. chips - Apple signed a multiyear Broadcom deal worth more than $30 billion to build custom silicon and wireless components in the U.S. The agreement matters for semiconductors, supply chains, and American tech manufacturing.
Tenda router backdoor warning - CERT/CC warned of an undocumented authentication backdoor in several Tenda router firmware versions, with no patch currently available. The issue raises serious concerns around firmware security, admin access, and home or small-office networks.
Open source engines and probabilistic code - Fenris open-sourced the Carbon engine from Eve Online, while NoiseLang showed a fresh way to treat code as probability distributions. Together they reflect how open source and experimental programming tools keep expanding what developers can build.
Privacy reshapes workplace communications - HubSpot backed away from proposed terms after customer backlash, while more European organisations restricted personal messaging apps for work. Both stories point to rising pressure around GDPR, records retention, data ownership, and digital sovereignty.
-Akamai T-Shirt Hides a Functional Bash Easter Egg
-Apple and Broadcom Expand U.S. Chip Manufacturing Deal
-GitHub AI Agent Vulnerability Could Leak Private Repositories
-How to Build a Minimal ZFS NAS with Debian and Samba
-GeoSQL Brings Map-Aware Geospatial Analysis to AI Agents
-Eve Online's Carbon Engine Goes Open Source
-HubSpot Reverses Controversial Terms Change After Customer Backlash
-CERT/CC Warns of Hidden Tenda Router Admin Backdoor
-NoiseLang Turns Probability Math Into a Browser Programming Language
-European Organisations Move to Ban Personal Messaging Apps at Work
Episode Transcript
Hidden code on a T-shirt
Let's start with that T-shirt. A blogger discovered that a Uniqlo design made with Akamai includes what looks like random text on the back, but it actually decodes into a working Bash script. Once unpacked, it simply animates the phrase "Peace for All" in colored text across a terminal. No malware, no trick beyond the joke itself. Why it matters is cultural more than technical: it is a rare example of a mainstream retail item carrying a real piece of shell code as an Easter egg, and it lands because the reference is deliberate, functional, and rooted in early internet culture rather than just borrowing the aesthetic.
GitHub AI workflow data leak
From playful code to risky code, researchers say they found a major prompt-injection flaw in GitHub's Agentic Workflows. In the reported scenario, someone could open a crafted issue in a public repository and manipulate the AI agent into pulling information from private repositories in the same organisation, then posting that data back publicly. That is a big deal because it turns an ordinary collaboration feature into a potential data leak without needing privileged access. The broader lesson is becoming clearer every week: when AI agents can see across tools and repositories, their context becomes part of the attack surface, and old security assumptions stop being enough.
Apple doubles down on U.S. chips
On the hardware side, Apple announced a new multiyear agreement with Broadcom that is expected to top 30 billion dollars. The companies plan to design and manufacture custom silicon and wireless components in the U.S., with Broadcom also expanding its Colorado facility. Apple says the deal should produce more than 15 billion chips. The reason this matters goes beyond Apple devices. It is another sign that large tech companies are trying to lock down more of their supply chains domestically, both for resilience and for politics, as industrial policy and semiconductor strategy keep moving closer together.
Tenda router backdoor warning
There is also a blunt security warning today around Tenda routers. CERT/CC published details of an undocumented authentication backdoor in several firmware versions that can allow full administrator access even without valid credentials. Worse, there is no patch available at this point. For affected users, that means the usual advice applies: reduce exposure and be very cautious about remote management. This matters because routers sit at the edge of the network. When they fail securely, it is annoying. When they fail like this, they can quietly undermine everything behind them.
Open source engines and probabilistic code
A pair of developer stories also stood out today. Fenris, the company formerly known as CCP Games, has open-sourced the Carbon engine behind Eve Online, with most of it under the MIT license. That opens the door for inspection, experimentation, and maybe even entirely new projects built on battle-tested MMO technology. Alongside that, an experimental language called NoiseLang is getting attention for treating every value as a probability distribution, making uncertainty a first-class part of code. These are very different releases, but they point in the same direction: more developers now have access to tools that used to be either highly specialised or locked inside mature products.
Privacy reshapes workplace communications
And finally, two stories about trust and control in enterprise tech. HubSpot backed away from proposed terms-of-service changes after customers pushed back over how contact data and enrichment might be handled. The company says it was not clear enough and that customer CRM data remains under customer control. At the same time, a growing number of European governments, banks, manufacturers, and public institutions are restricting personal messaging apps for work use. That is not only about security. It is about compliance, records retention, GDPR, and who ultimately governs business communication. Put together, both stories show the same shift: convenience matters, but auditability and data ownership matter more.
Subscribe to edition specific feeds:
- Space news
* Apple Podcast English
* Spotify English
* RSS English Spanish French
- Top news
* Apple Podcast English Spanish French
* Spotify English Spanish French
* RSS English Spanish French
- Tech news
* Apple Podcast English Spanish French
* Spotify English Spanish Spanish
* RSS English Spanish French
- Hacker news
* Apple Podcast English
Information
- Show
- Channel
- FrequencyUpdated Daily
- PublishedJuly 8, 2026 at 12:26 PM UTC
- Length5 min
- RatingClean