7.9.25 | Supabase MCP SQL leak, Bootstrapping profitable side project, OffChess offline chess puzzles app

This is a recap of the top 10 posts on Hacker News on Jul 9, 2025.Supabase MCP can leak your entire SQL databasehttps://www.generalanalysis.com/blog/supabase-mcp-bloghttps://news.ycombinator.com/item?id=44502318Bootstrapping a side project into a profitable seven-figure businesshttps://projectionlab.com/blog/we-reached-1m-arr-with-zero-fundinghttps://news.ycombinator.com/item?id=44495428Show HN: OffChess – Offline chess puzzles apphttps://offchess.comhttps://news.ycombinator.com/item?id=44498296Breaking Git with a carriage return and cloning RCEhttps://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384https://news.ycombinator.com/item?id=44502330Smollm3: Smol, multilingual, long-context reasoner LLMhttps://huggingface.co/blog/smollm3https://news.ycombinator.com/item?id=44501413Taking over 60k spyware user accounts with SQL injectionhttps://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/https://news.ycombinator.com/item?id=44455707Radium Music Editorhttp://users.notam02.no/~kjetism/radium/https://news.ycombinator.com/item?id=44502298Brut: A New Web Framework for Rubyhttps://naildrivin5.com/blog/2025/07/08/brut-a-new-web-framework-for-ruby.htmlhttps://news.ycombinator.com/item?id=44502463RapidRAW: A non-destructive and GPU-accelerated RAW image editorhttps://github.com/CyberTimon/RapidRAWhttps://news.ycombinator.com/item?id=44505876US Court nullifies FTC requirement for click-to-cancelhttps://arstechnica.com/tech-policy/2025/07/us-court-cancels-ftc-rule-that-would-have-made-canceling-subscriptions-easier/https://news.ycombinator.com/item?id=44504699