Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
NestJS v12 Roadmap: Full ESM Migration, Standard Schema Validation and Modernised Toolchain
NestJS has announced a draft pull request for its upcoming v12.0.0 release, scheduled for early Q3 2026. Key changes include a transition from CommonJS to ESM, native Standard Schema support in route decorators, and shifts in testing and linting tools. Vitest will replace Jest, and oxlint will replace ESLint, while Rspack will replace Webpack for bundling. By Daniel Curtis
Spain's parliament will act against massive IP blockages by LaLiga
119 points, 16 comments on Hacker News
A 1960s art school experiment that redefined creativity
17 points, 1 comments on Hacker News
Durable queues, streams, pub/sub, and a cron scheduler – inside your SQLite file
35 points, 2 comments on Hacker News
Claude Code refuses requests or charges extra if your commits mention "OpenClaw"
275 points, 188 comments on Hacker News
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm's chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company's public image.
Little Magazines Are Back
52 points, 9 comments on Hacker News
Post-quantum encryption for Cloudflare IPsec is generally available
Cloudflare IPsec now has generally available support for post-quantum encryption via hybrid ML-KEM. We’ve confirmed interoperability with Cisco and Fortinet.
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online. Security is always a moving target. Millions of servers are currently sitting online without any passwords, and
How an Oil Refinery Works
150 points, 31 comments on Hacker News
Should I Run Plain Docker Compose in Production in 2026?
15 points, 8 comments on Hacker News
Show HN: Pollen – distributed WASM runtime, no control plane, single binary
52 points, 23 comments on Hacker News
The Science Behind Honey's Eternal Shelf Life (2013)
32 points, 18 comments on Hacker News
Meta in row after workers who saw smart glasses users having sex lose jobs
Article URL: https://www.bbc.com/news/articles/c5y7yvgy0w6o Comments URL: https://news.ycombinator.com/item?id=47961838 Points: 396 # Comments: 295
Agents can now create Cloudflare accounts, buy domains, and deploy
Starting today, agents can now be Cloudflare customers. They can create a Cloudflare account, start a paid subscription, register a domain, and get back an API token to deploy code right away. Humans can be in the loop to grant permission, but there’s no need to go to the dashboard, copy and paste API tokens, or enter credit card details.
CSS Zen Garden: The Beauty of CSS Design
Comments
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batch script ('install_obf.bat') that disables Windows security controls, dynamically extracts an
I aggregated 28 US Government auction sites into one search
157 points, 46 comments on Hacker News
Belgium stops decommissioning nuclear power plants
515 points, 406 comments on Hacker News
Enabling a new model for healthcare with AI co-clinician
Researching the path to AI-augmented care and development of an AI co-clinician.
Tar Files Created on macOS Display Errors When Extracting on Linux (2024)
55 points, 39 comments on Hacker News
Bitmap and tilemap generation from a single example
10 points, 0 comments on Hacker News
GCC 16 has been released
Article URL: https://gcc.gnu.org/gcc-16/changes.html Comments URL: https://news.ycombinator.com/item?id=47961004 Points: 224 # Comments: 36
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO)
Driving and Measuring the Impact of Platform Engineering
Platform engineering has to be approached from a socio-technical perspective, and shaped by all stakeholders, not just developers, Sergiu Petean said in his talk Driving the Future of Insurance through Platform Engineering. Platform success depends on written principles that endure change while embracing change as the main design force, to enable teams to build, run, and release software. By Ben Linders
Granite 4.1: IBM's 8B Model Matching 32B MoE
Article URL: https://firethering.com/granite-4-1-ibm-open-source-model-family/ Comments URL: https://news.ycombinator.com/item?id=47960507 Points: 33 # Comments: 5
Cloudflare Announces Agent Memory, a Managed Persistent Memory Service for AI Agents
Cloudflare announced Agent Memory in private beta, a managed service that extracts structured memories from AI agent conversations and retrieves them on demand using five-channel parallel retrieval with Reciprocal Rank Fusion. Shared memory profiles let teams of agents access common knowledge. Competitors include Mem0, Zep, LangMem, and Letta. By Steef-Jan Wiggers
Meta's Approach to Migrating their Systems to Post-Quantum Cryptography
Meta has already begun preparing for the threats posed by quantum computing and migrating its systems to post-quantum cryptography, a complex process that will take multiple years to complete. In a recent article, Meta researchers outline their strategy and share key lessons learned along the way. By Sergio De Simone
Presentation: Stripe’s Docdb: How Zero-Downtime Data Movement Powers Trillion-Dollar Payment Processing
Jimmy Morzaria discusses the evolution of Stripe’s database tier to support 5 million QPS with 5.5 nines of reliability. He explains the architecture of DocDB and shares how Stripe leverages a custom zero-downtime data movement platform to perform horizontal sharding, version upgrades, and multi-tenant migrations - all while maintaining the strict consistency required for global commerce. By Jimmy Morzaria
Mozilla's position on the Prompt API
Comments
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles