Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying the ransomware against multiple victims located throughout the U.S. between April and December 2023.
Show HN: Perfect Bluetooth MIDI for Windows
Hi HN, I'm Erwin. I built a small free open-source utility that bridges Bluetooth LE MIDI keyboards into the new Windows MIDI Services stack so any DAW or Web MIDI app can use them as if they were wired. I bought a Roland FP-90X piano partly because it had Bluetooth MIDI. On my Windows 11 PC, pairing succeeded, but my DAW couldn't see the keyboard, and notes I sent from the PC never made the piano sing. After a regrettable number of evenings, I'd separated this into three independent bugs stacked on top of each other. The first one is the famous one: Windows only natively exposes BLE-MIDI through the WinRT API, which almost no DAW polls. So even when pairing succeeds, MIDI apps still don't see the device. The usual workaround is MIDIberry + loopMIDI, but I couldn't get that combination to work reliably in my case, and I wanted a single-app solution. The new Windows MIDI Services stack ships with a feature called loopback endpoints: anything written to one comes out the other, and any w
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZoneCorp," which has published a set of repositories that are associated with malicious Ruby gems and Go modules. As of
The Rotary Un-Smartphone
4 points, 0 comments on Hacker News
Presentation: The Next Generation of AI Products
Hilary Mason shares her journey from academia to building AI products at scale. She discusses the shift from discrete engineering to probabilistic mindsets, explaining why managing "human considerations" is the hardest part of the stack. She explains the "existential crisis" for engineers, arguing that great architecture today is about context management, systems thinking, and good taste. By Hilary Mason
Advanced Quantization Algorithm for LLMs
Article URL: https://github.com/intel/auto-round Comments URL: https://news.ycombinator.com/item?id=47972659 Points: 55 # Comments: 9
Vitest 4.1: Test Tags, Native Node.js Execution and AI Agent Reporter
Vitest 4.1, developed by VoidZero, enhances JavaScript testing with features like test tags for filtering and configuring tests, an experimental mode to bypass Vite's module runner, and new lifecycle hooks. It supports Vite 8 from the start. Notably, it reports improvements in performance compared to Jest. The release addresses issues and provides guides for migration. By Daniel Curtis
Article: Securing Autonomous AI Agents on Kubernetes: Trust Boundaries, Secrets, and Observability for a New Category of Cloud Workload
Autonomous AI agents break Kubernetes security assumptions with dynamic dependencies, multi-domain credentials, and unpredictable resource use. This article covers production-tested patterns: Job-based isolation, Vault for scoped short-lived credentials, a four-phase trust model from shadow mode to autonomous operation, and observability for non-deterministic reasoning cycles. By Nik Kale
Show HN: WhatCable, a tiny menu bar app for inspecting USB-C cables
40 points, 5 comments on Hacker News
Grok 4.3
63 points, 53 comments on Hacker News
Lost in translation: The linguistic challenges facing N. Korean defectors (2025)
22 points, 16 comments on Hacker News
Broadcom Donates Velero to CNCF, Shifting Kubernetes Backup to Community Governance
Broadcom has announced the contribution of Velero, its Kubernetes-native backup, restore and migration project, to the Cloud Native Computing Foundation (CNCF) as a Sandbox project. Velero It operates at the Kubernetes API layer, capturing cluster state through Custom Resource Definitions (CRDs) rather than through hypervisor or storage-layer snapshots. By Matt Saunders
Canonical/Ubuntu have been under DDoS for more than 15h
48 points, 10 comments on Hacker News
A more efficient implementation of Shor's algorithm
37 points, 2 comments on Hacker News
Life of a Packet in Amazon EKS
Comments
Supersimple: Lightweight OpenCode profile for routine dev work with focused agents, local skills, and conductor-based track management
Comments
What are you doing this weekend?
Feel free to tell what you plan on doing this weekend and even ask for help or feedback. Please keep in mind it’s more than OK to do nothing at all too!
It’s Toasted
Article URL: https://yadin.com/notes/toasted/ Comments URL: https://news.ycombinator.com/item?id=47971830 Points: 42 # Comments: 30
Apple Says Mac Studio and Mac Mini Will Be in Short Supply for Months
Article URL: https://www.macrumors.com/2026/04/30/mac-studio-mac-mini-constrained-months/ Comments URL: https://news.ycombinator.com/item?id=47971768 Points: 73 # Comments: 57
Your Biggest Vulnerability is your Shitty Compensation
Article URL: https://green.spacedino.net/your-biggest-vulnerability-is-your-shitty-compensation/ Comments URL: https://news.ycombinator.com/item?id=47971134 Points: 19 # Comments: 6
Show HN: Winpodx – run Windows apps on Linux as native windows
Article URL: https://github.com/kernalix7/winpodx Comments URL: https://news.ycombinator.com/item?id=47970690 Points: 28 # Comments: 5
OpenWarp
Article URL: https://openwarp.zerx.dev Comments URL: https://news.ycombinator.com/item?id=47970622 Points: 49 # Comments: 43
The Hearts of the Super Nintendo
Article URL: https://fabiensanglard.net/snes_hearts/ Comments URL: https://news.ycombinator.com/item?id=47970578 Points: 7 # Comments: 2
Text-to-CAD
50 points, 14 comments on Hacker News
Porting microgpt to Futhark, Part I
Comments
ClawIRC – IRC Chat for Agents
Article URL: https://clawirc.com/ Comments URL: https://news.ycombinator.com/item?id=47970089 Points: 6 # Comments: 0
Simple and Correct Snapshot Isolation
7 points, 0 comments on Hacker News
If I Could Make My Own GitHub
Comments
Android VPN IP Leak Even If Always-On VPN Enabled
Comments
CPanel and WHM Authentication Bypass – CVE-2026-41940
Article URL: https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/ Comments URL: https://news.ycombinator.com/item?id=47969288 Points: 61 # Comments: 19
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles