Episode Details
Back to Episodes
Bluetooth soundbar becomes BadUSB & GitHub.dev OAuth token theft - Hacker News (Jun 3, 2026)
Published 2 weeks, 3 days ago
Description
Please support this podcast by checking out our sponsors:
- Consensus: AI for Research. Get a free month - https://get.consensus.app/automated_daily
- SurveyMonkey, Using AI to surface insights faster and reduce manual analysis time - https://get.surveymonkey.com/tad
- Prezi: Create AI presentations fast - https://try.prezi.com/automated_daily
Support The Automated Daily directly:
Buy me a coffee: https://buymeacoffee.com/theautomateddaily
-Researcher Reveals Remote Bluetooth Firmware Attack Turning Katana V2X Speaker into BadUSB Keyboard
-Why Data Layout and Working-Set Size Can Dominate CPU Performance
-VSCode Webview Bug Enables One-Click GitHub Token Theft via github.dev
-Inside the PlayStation 1: CPU, GPU Pipeline, and Copy-Protection Design
-YC-backed Piramidal Hiring Senior Engineers for AI–Neuroscience Platform in NYC
-GitHub Project Rebuilds Test Drive III Maps Through Reverse Engineering
-nbd-vram Uses NVIDIA VRAM as Linux Swap via NBD and CUDA
-Microsoft launches MAI-Code-1-Flash, a lightweight coding model rolling out in GitHub Copilot for VS Code
Episode Transcript
Bluetooth soundbar becomes BadUSB
First up in security: a researcher says Creative’s Sound Blaster Katana V2X soundbar can be attacked over Bluetooth from roughly 15 meters away—without pairing and without authentication. The big issue is that the device reportedly exposes a proprietary control protocol over BLE, so an attacker can connect and send commands that should have been gated behind stronger check
- Consensus: AI for Research. Get a free month - https://get.consensus.app/automated_daily
- SurveyMonkey, Using AI to surface insights faster and reduce manual analysis time - https://get.surveymonkey.com/tad
- Prezi: Create AI presentations fast - https://try.prezi.com/automated_daily
Support The Automated Daily directly:
Buy me a coffee: https://buymeacoffee.com/theautomateddaily
Today's topics:
Bluetooth soundbar becomes BadUSB - A Creative Sound Blaster Katana V2X flaw enables long-range Bluetooth attacks, firmware tampering, and USB HID "keyboard" injection—raising serious supply-chain and surveillance risks.
GitHub.dev OAuth token theft - A one-click github.dev exploit can steal a broad-scoped GitHub OAuth token via VSCode webview event spoofing, enabling read/write access to private repos and potential downstream compromise.
Cache-friendly data layout performance - A deep dive shows why real-world speed often hinges on CPU cache behavior—Array of Structs vs Struct of Arrays, working-set size, and random access patterns can dwarf Big-O expectations.
Linux swap in GPU VRAM - An open-source tool turns NVIDIA VRAM into Linux swap using NBD and CUDA, improving interactive latency on memory-starved laptops—at the cost of power and some throughput overhead.
PlayStation 1 design tradeoffs - A PlayStation 1 hardware explainer connects Sony’s CPU+DMA approach and GPU limitations to iconic visual artifacts, plus the security and copy-protection cat-and-mouse of the era.
Reverse engineering classic game maps - A long-running preservation project extracts and reconstructs Test Drive III map data, turning proprietary DOS-era formats into viewable, exportable assets for modding and archiving.
-Researcher Reveals Remote Bluetooth Firmware Attack Turning Katana V2X Speaker into BadUSB Keyboard
-Why Data Layout and Working-Set Size Can Dominate CPU Performance
-VSCode Webview Bug Enables One-Click GitHub Token Theft via github.dev
-Inside the PlayStation 1: CPU, GPU Pipeline, and Copy-Protection Design
-YC-backed Piramidal Hiring Senior Engineers for AI–Neuroscience Platform in NYC
-GitHub Project Rebuilds Test Drive III Maps Through Reverse Engineering
-nbd-vram Uses NVIDIA VRAM as Linux Swap via NBD and CUDA
-Microsoft launches MAI-Code-1-Flash, a lightweight coding model rolling out in GitHub Copilot for VS Code
Episode Transcript
Bluetooth soundbar becomes BadUSB
First up in security: a researcher says Creative’s Sound Blaster Katana V2X soundbar can be attacked over Bluetooth from roughly 15 meters away—without pairing and without authentication. The big issue is that the device reportedly exposes a proprietary control protocol over BLE, so an attacker can connect and send commands that should have been gated behind stronger check