Engineering & Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its real
Show HN: DAC – open-source dashboard as code tool for agents and humans
6 points, 0 comments on Hacker News
Zed 1.0
973 points, 322 comments on Hacker News
Presentation: Agents, Architecture, & Amnesia: Becoming AI-Native Without Losing Our Minds
Tracy Bannon shares a cautionary tale of "The Sorcerer’s Apprentice" to illustrate the risks of unbridled AI autonomy. She discusses the shift from bots to autonomous agents, explaining how reckless speed leads to "Architectural Amnesia." She provides a concrete framework for "Minimum Viable Governance," focusing on identity, delegation, and ADRs to manage debt at machine speed across the SDLC. By Tracy Bannon
How to Build the Future: Demis Hassabis [video]
25 points, 7 comments on Hacker News
We need a federation of forges
403 points, 215 comments on Hacker News
Barman – Backup and Recovery Manager for PostgreSQL
42 points, 3 comments on Hacker News
Letting AI play my game – building an agentic test harness to help play-testing
91 points, 18 comments on Hacker News
Blessed Syntax and Ergonomics
Coffee with a splash of physics: how to make the most out of your brew
Article URL: https://physicsworld.com/a/coffee-with-a-splash-of-physics-how-to-make-the-most-out-of-your-brew/ Comments URL: https://news.ycombinator.com/item?id=47947318 Points: 4 # Comments: 0
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren't just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping Active Directory and seizing Domain Admin credentials in minutes. The problem? Most defensive workflows
Stardex Is Hiring a Founding Customer Success Lead
Article URL: https://www.ycombinator.com/companies/stardex/jobs/6GCK1HC-founding-customer-success-lead Comments URL: https://news.ycombinator.com/item?id=47947125 Points: 0 # Comments: 0
Sauce Labs Launches AI Agent to Automate Test Creation and Close the DevOps “Velocity Gap”
Sauce Labs has announced the general availability of Sauce AI for Test Authoring, an AI-driven agent designed to translate business intent directly into executable test suites, marking a shift toward what the company calls Intent-Driven Testing. By Craig Risi
HashiCorp co-founder says GitHub 'no longer a place for serious work'
Article URL: https://www.theregister.com/2026/04/29/mitchell_hashimoto_ghostty_quitting_github/ Comments URL: https://news.ycombinator.com/item?id=47946958 Points: 75 # Comments: 15
New copy of earliest poem in English, written 1,3k years ago, discovered in Rome
63 points, 32 comments on Hacker News
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: "So, are we actually safer now?" Crickets. The room goes quiet because an honest answer requires context – which is something that patch counts and CVSS scores were never designed to provide. Exposure
GitHub – DOS 1.0: Transcription of Tim Paterson's DOS Printouts
82 points, 4 comments on Hacker News
Mistral AI Introduces Workflows for Orchestrating Enterprise AI Processes
Mistral AI has launched Workflows, an orchestration layer for enterprise AI that is now in public preview. This release addresses a significant challenge as AI models and agents become more advanced, while reliably deploying them in production remains difficult due to a lack of infrastructure for coordination, monitoring, and recovery. By Robert Krzaczyński
RIPE NCC RPKI exploit chain
Github banned me for no understandable reason
QCon AI Boston 2026 Schedule: Agents in Production, Inference Cost, and AI in the SDLC
The schedule for QCon AI Boston 2026 (June 1-2) is now live. The two-day program groups sessions around context engineering, inference economics, agent reliability, and how AI is changing the software development lifecycle. Speakers include engineers from DoorDash, LinkedIn, Netflix, Apple, and Red Hat. By Artenisa Chatziou
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions: 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29
Show HN: Rip.so – a graveyard for dead internet things
Article URL: https://rip.so Comments URL: https://news.ycombinator.com/item?id=47945955 Points: 88 # Comments: 66
Soft launch of open-source code platform for government
Article URL: https://www.nldigitalgovernment.nl/news/soft-launch-for-government-open-source-code-platform/ Comments URL: https://news.ycombinator.com/item?id=47945918 Points: 219 # Comments: 74
AWS Interconnect Reaches General Availability with Managed Multicloud and Last-Mile Connectivity
AWS Interconnect reached general availability, offering managed private Layer 3 connections to Google Cloud and a last-mile capability via Lumen. Azure and OCI support is planned for later in 2026. AWS published the underlying specification on GitHub under Apache 2.0, which Forrester analysts read as a play to set a de facto standard for multicloud connectivity. By Steef-Jan Wiggers
Stable specialization in Rust
Why Law Is Law-Shaped
Article URL: https://lawvm.org/why-law-is-law-shaped/ Comments URL: https://news.ycombinator.com/item?id=47945861 Points: 54 # Comments: 27
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2024-1708 (CVSS score: 8.4) - A path traversal vulnerability in ConnectWise ScreenConnect
Why I Still Reach for Lisp (& Scheme) Instead of Haskell
After reading the original article https://web.archive.org/web/20121204010925/https://slidetocode.com/2012/04/09/why-i-prefer-scheme-to-haskell/ I realized it really resonated with me and was actually telling my story (partially). So I wrote my own article on this topic. Hope you enjoy: https://jointhefreeworld.org/blog/articles/lisps/why-i-still-reach-for-scheme-instead-of-haskell/index.html
Tell HN: An update from the new Tindie team
Received by email tonight about two hours ago: Dear Tindie Community, My name is Gongyu Su, and I am writing on behalf of the new Tindie ownership team. First, we sincerely apologize for the recent downtime and the disruption it caused. We understand that many buyers and community members were left without clear information during the transition, and that this created frustration and concern. Tindie is now owned by EETree LLC, a Washington State company. Our team took over Tindie because we believe it remains an important platform for makers, hardware creators, engineers, and independent sellers around the world. The recent transition was more complex than expected. Tindie runs on an older technical framework with many connected services, and the migration from the previous operating environment to the new one took longer and caused more disruption than anyone wanted. We know this was not the experience the Tindie community deserved. Our immediate focus is to stabilize the platform, re
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles