FeedCity's curated list of featured feeds.

A public list by feedcity.

Simon Willison's Weblog Supports Webmention

Superhuman AI Exfiltrates Emails

Classic prompt injection attack:

When asked to summarize the user’s recent mail, a prompt injection in an untrusted email manipulated Superhuman AI to submit content from dozens of other sensitive emails (including financial, legal, and medical information) in the user’s inbox to an attacker’s Google Form.

To Superhuman's credit they treated this as the high priority incident it is and issued a fix.

The root cause was a CSP rule that allowed markdown images to be loaded from docs.google.com - it turns out Google Forms on that domain will persist data fed to them via a GET request!

Via Hacker News

Tags: security, ai, prompt-injection, generative-ai, llms, exfiltration-attacks, content-security-policy

Daring Fireball Valid
John Gruber

Eddy Cue on Apple’s 2025 Year in Services

apple.com/newsroom/2026/01/2025-marked-a-record-breaking-year-for-apple-services/

Eddy Cue, in a rare bylined post on Apple Newsroom: The numbers reflect the incredible enthusiasm of our customers, whether it’s downloading an exciting new app or game, watching the hottest new show with family and friends, listening to their favorite songs, or shopping...

Dan’s Polaroids

12.01.2026

Circus artists in a bright red illuminated typical round stage. You can see parts of the audience behind, next to the stage, and in front - as silhouettes - as well as some stage lights.
That was a pretty impressive afternoon at the circus.

Simon Willison's Weblog Supports Webmention

First impressions of Claude Cowork, Anthropic's general agent

New from Anthropic today is Claude Cowork, a "research preview" that they describe as "Claude Code for the rest of your work". It's currently available only to Max subscribers ($100 or $200 per month plans) as part of the updated Claude Desktop macOS application. I've been s...

kottke.org Valid
Jason Kottke

“I feel stuck and sad and I don’t know what else to do.” Yeah, same.

kottke.org Valid
Jason Kottke

An Optical Compass Inspired by Bee Vision

Bees use polarized sunlight scattered by the atmosphere in order to navigate; they always know where the sun is, even if it’s cloudy or behind a mountain. Then they waggle dance to inform their hive-mates about food source locations. So if a bee wants to fly straight tow...

kottke.org Valid
Jason Kottke

Simon Tatham’s Portable Puzzle Collection. “This page contains a collection of small computer programs which implement one-player puzzle games.”

Daring Fireball Valid
John Gruber

Apple, Rather Quietly and With No Details, Announces Partnership With Google to Use Gemini Technology for Apple Foundation Models, and Presumably, the Year-Overdue More Personalized Siri

cnbc.com/2026/01/12/apple-google-ai-siri-gemini.html

CNBC: The multi-year partnership will lean on Google’s Gemini and cloud technology for future Apple foundational models, according to a joint statement obtained by CNBC’s Jim Cramer. “After careful evaluation, we determined that Google’s technology provides the most cap...

kottke.org Valid
Jason Kottke

Out of the 1000 most-discussed books on Hacker News, it looks like around 50 of them were written by women.

kottke.org Valid
Jason Kottke

A Logistical Matter

Just wanted to drop a quick note to say that kottke.org moved servers over the weekend. You shouldn’t have noticed anything, except perhaps that the site is faster now. There was a small issue with the RSS feed after the migration, but that’s been resolved. If you notice anything amiss, drop me a line?

As always, big thanks to the crew at Arcustech for their rock-solid hosting and prompt tech support expertise.

Tags: kottke.org

kottke.org Valid
Jason Kottke

Train Wreck

black and white photo of a train wreck

A wreck on the Lehigh Valley trackage in South Somerville, NJ circa 1918. (via shorpy)

Tags: this is a metaphor for something · trains

Daring Fireball Valid
John Gruber

★ Why It’s Difficult to Resize Windows on MacOS 26 Dyehoe

Norbert Heger, with a perfectly illustrated post, “The Struggle of Resizing Windows on macOS Tahoe”: Since upgrading to macOS Tahoe, I’ve noticed that quite often my attempts to resize a window are failing. This never happened to me before in almost 40 years of using com...

kottke.org Valid
Jason Kottke

I loved watching this quick video recap of how Penguin designer Elisha Zepeda made the book covers for 10 books that came out in 2025. Zepeda has a much longer look at his process on YT.

kottke.org Valid
Jason Kottke

Using lidar, scientists discovered a 400-foot-long wall composed of “60 massive granite monoliths, set directly onto the bedrock in pairs at regular intervals”. The wall is 30 feet underwater and was built 7000+ years ago.

Daring Fireball Valid
John Gruber

Statement From Federal Reserve Chair Jerome H. Powell

federalreserve.gov/newsevents/speech/powell20260111a.htm

Shit’s getting real, folks.

Simon Willison's Weblog Supports Webmention

Don't fall into the anti-AI hype

I'm glad someone was brave enough to say this. There is a lot of anti-AI sentiment in the software development community these days. Much of it is justified, but if you let people convince you that AI isn't genuinely useful for software devel...

Simon Willison's Weblog Supports Webmention

My answers to the questions I posed about porting open source code with LLMs

Last month I wrote about porting JustHTML from Python to JavaScript using Codex CLI and GPT-5.2 in a few hours while also buying a Christmas tree and watching Knives Out 3. I ended that post with a series of open questions about the ethics and legality of this style of work....

Daring Fireball Valid
John Gruber

U.S. Senators Ask Cook and Pichai to Remove X and Grok From App Store and Play Store

wyden.senate.gov/imo/media/doc/letter_to_apple_and_google_on_removing_x_and_grok_from_app_store_192026pdf.pdf

U.S. Senators Ron Wyden (D-Oregon), Ed Markey (D-Massachusetts), and Ben Ray Luján (D-New Mexico), in a letter addressed to Tim Cook and Sundar Pichai: Your app stores’ policies are clear. Google’s terms of service require apps to “prohibit users from creating, uploading...

Dan’s Polaroids

11.01.2026

A white boulder wall with green grips on the left side. 50cm from the wall to the right, the lower half of a child is hanging supposedly in mid-air.
We went to the boulder hall today.

Daring Fireball Valid
John Gruber

Copilot Money

copilot.money/?utm_source=daringfireball&utm_medium=editorial&utm_campaign=daringfireball_010526_web25&utm_term=DARING

My thanks to Copilot Money for sponsoring last week at DF. Copilot is a personal finance app for the iPhone, iPad, and Mac, and they’ve always deeply believed in the value of embracing the design idioms and technical features of truly native apps for Apple platforms. Apple h...