Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Ableton Extensions SDK
15 points, 4 comments on Hacker News
Show HN: Mnemo – local-first AI memory layer for any LLM (Rust, SQLite,petgraph)
13 points, 2 comments on Hacker News
My Software North Star
Comments
A Man Who Reads Books for a Living (One Every Two Days)
25 points, 7 comments on Hacker News
Self-hosted dev sandboxes with preview URLs (Docker, Go, no K8s)
15 points, 0 comments on Hacker News
Brume is a 24-voice multi-timbral desktop synth for the CM5
34 points, 7 comments on Hacker News
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory. No malicious app on the phone is required. The assistant just had to treat a hostile
Elixir v1.20: Now a gradually typed language
357 points, 115 comments on Hacker News
Rootshell: A new E2EE email service hosted in Iceland
Article URL: https://rootshell.is Comments URL: https://news.ycombinator.com/item?id=48388253 Points: 29 # Comments: 25
Embryos shape their limbs: a key discovery of "genetic brakes"
36 points, 0 comments on Hacker News
Launch HN: Hyper (YC P26) – Company brain to power agentic development
Hey HN, we’re Shalin & Kanyes, best friends who've been hacking together for 10+yrs, and now founders of Hyper (https://heyhyper.ai/). Hyper is a shared “company brain” that plugs into information flowing inside a company to make AI agents and automations better and ultimately save people time. Models have gotten good enough that they can (mostly) take on long-horizon, complex tasks. We believe the bottleneck now is that these smart-enough models often lack information about your company, which is scattered in people's heads, Slack threads, stale docs, and in back-and-forth convos with AI. MCP is useful for getting some info in front of an agent, but there are problems: (1) Once the session dies, so does the insight, so instead of copy-pasting a whole doc each time you're telling the agent to dig through Drive each time - not much of a win; (2) Even when MCP works, what it gathers isn't comprehensive, because people decide things on a whiteboard, brainstorm out loud, post a little in S
Gooey: A GPU-accelerated UI framework for Zig
107 points, 29 comments on Hacker News
Safe Made Easy Pt.1: Single Ownership is (Not) Optional
Comments
Skyvern (YC S23) Is Hiring Open-Source Loving DevRel Engineers
1 points, 0 comments on Hacker News
MacBook Neo is so popular that Apple doubled production
268 points, 274 comments on Hacker News
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as
New Texas Instruments 5532 chips are not the 5532s we’ve used for decades
Article URL: https://groupdiy.com/threads/the-new-ti-5532-chips-are-not-5532s-weve-used-for-decades.93707/ Comments URL: https://news.ycombinator.com/item?id=48386133 Points: 54 # Comments: 24
Show HN: Nutrepedia – Nutrition info in 29 locales built with Clojure and Htmx
Article URL: https://nutrepedia.com/en-us/ Comments URL: https://news.ycombinator.com/item?id=48386129 Points: 84 # Comments: 19
ESP32-S31
220 points, 119 comments on Hacker News
Gemma 4 12B: A unified, encoder-free multimodal model
583 points, 222 comments on Hacker News
Parsing XML EXIF from .avif files (plus a rant)
Comments
burntsushi discusses personal medical diagnosis
Comments
A Post-Quantum Future for Let's Encrypt
30 points, 10 comments on Hacker News
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse the calendar, and send messages as that user. No password, no login screen, no permission prompt.
Inside Google’s System for Coordinated A/B Testing Across Its Global Service Fleet
Google has shared details of its fleet wide large scale A/B experimentation system designed to standardize experiment assignment, exposure logging, and configuration propagation across distributed services. The approach enables consistent measurement across products, reduces experiment conflicts, and improves reliability of data driven decision making at scale. By Leela Kumili
DaVinci Resolve 21
97 points, 38 comments on Hacker News
Shopify Is Down
56 points, 38 comments on Hacker News
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch until the May 5 fixes, unnoticed for over two years.
mimalloc: A new, high-performance, scalable memory allocator for the modern era
Comments
I built a ceiling projection mapping of the planes flying over my house
111 points, 16 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles