Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Different Language Models Learn Similar Number Representations
Article URL: https://arxiv.org/abs/2604.20817 Comments URL: https://news.ycombinator.com/item?id=47890873 Points: 63 # Comments: 25
Show HN: Browser Harness – Gives LLM freedom to complete any browser task
Hey HN, We got tired of browser frameworks restricting the LLM, so we removed the framework and gave the LLM maximum freedom to do whatever it's trained on. We gave the harness the ability to self correct and add new tools if the LLM wants (is pre-trained on) that. Our Browser Use library is tens of thousands of lines of deterministic heuristics wrapping Chrome (CDP websocket). Element extractors, click helpers, target managemenet (SUPER painful), watchdogs (crash handling, file downloads, alerts), cross origin iframes (if you want to click on an element you have to switch the target first, very anoying), etc. Watchdogs specifically are extremely painful but required. If Chrome triggers for example a native file popup the agent is just completely stuck. So the two solutions are to: 1. code those heuristics and edge cases away 1 by 1 and prevent them 2. give LLM a tool to handle the edge case As you can imagine - there are crazy amounts of heuristics like this so you eventually end up w
Sabotaging projects by overthinking, scope creep, and structural diffing
Article URL: https://kevinlynagh.com/newsletter/2026_04_overthinking/ Comments URL: https://news.ycombinator.com/item?id=47890799 Points: 236 # Comments: 57
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control laws. "For years, NASA employees
Machine Learning Reveals Unknown Transient Phenomena in Historic Images
Article URL: https://arxiv.org/abs/2604.18799 Comments URL: https://news.ycombinator.com/item?id=47890456 Points: 33 # Comments: 25
The operating cost of adult and gambling startups
4 points, 0 comments on Hacker News
Aspartame is not that bad?
4 points, 0 comments on Hacker News
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new actors. It is that agents are delegated actors. They do not emerge with independent authority. They are triggered, invoked, provisioned, or
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. "Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of legitimate wallets," Kaspersky
UK Biobank leak: Health details of 500 000 people are offered for sale
Article URL: https://www.bmj.com/content/393/bmj.s781 Comments URL: https://news.ycombinator.com/item?id=47888557 Points: 70 # Comments: 22
Hear your agent suffer through your code
Article URL: https://github.com/AndrewVos/endless-toil Comments URL: https://news.ycombinator.com/item?id=47888465 Points: 29 # Comments: 7
How to be anti-social – a guide to incoherent and isolating social experiences
Article URL: https://nate.leaflet.pub/3mk4xkaxobc2p Comments URL: https://news.ycombinator.com/item?id=47888372 Points: 54 # Comments: 43
The Tribe Has to Outlive the Model
Comments
nowhere: an entire website encoded in a URL
Article URL: https://hostednowhere.com/ Comments URL: https://news.ycombinator.com/item?id=47888337 Points: 51 # Comments: 36
Hire based on the conversation about code, not the code itself
Comments
i found an old telephone and made it control spotify
Comments
Mounting tar archives as a filesystem in WebAssembly
Article URL: https://jeroen.github.io/notes/webassembly-tar/ Comments URL: https://news.ycombinator.com/item?id=47888124 Points: 22 # Comments: 2
Sloppy Copies
Comments
Electrostatics and High Voltage Links
15 points, 2 comments on Hacker News
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access. Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to Tropic Trooper (aka
S. Korea police arrest man over AI image of runaway wolf that misled authorities
Article URL: https://www.bbc.com/news/articles/c4gx1n0dl9no Comments URL: https://news.ycombinator.com/item?id=47887683 Points: 124 # Comments: 77
Spinel: Ruby AOT Native Compiler
Article URL: https://github.com/matz/spinel Comments URL: https://news.ycombinator.com/item?id=47887334 Points: 102 # Comments: 23
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data. "A server-side
Composition Shouldn't be this Hard
Article URL: https://www.cambra.dev/blog/announcement/ Comments URL: https://news.ycombinator.com/item?id=47886773 Points: 76 # Comments: 53
Pure Borrow: Linear Haskell Meets Rust-Style Borrowing
Comments
Show HN: How LLMs Work – Interactive visual guide based on Karpathy's lecture
All content is based on Andrej Karpathy's "Intro to Large Language Models" lecture (youtube.com/watch?v=7xTGNNLPyMI). I downloaded the transcript and used Claude Code to generate the entire interactive site from it — single HTML file. I find it useful to revisit this content time to time. Comments URL: https://news.ycombinator.com/item?id=47886517 Points: 103 # Comments: 21
Show HN: Gova – The declarative GUI framework for Go
Article URL: https://github.com/NV404/gova Comments URL: https://news.ycombinator.com/item?id=47886272 Points: 58 # Comments: 13
Running Bare-Metal Rust Alongside ESP-IDF on the ESP32-S3's Second Core
22 points, 4 comments on Hacker News
Familiarity is the enemy: On why Enterprise systems have failed for 60 years
15 points, 2 comments on Hacker News
Intel Arc Pro B70 Review
99 points, 58 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles