Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Performance of the Wren programming language
Comments
How are you protecting yourself against the imminent AI dooms zero day?
Above all this is a fun discussion. Don't get too serious :) As LLMs get better and better at pattern matching against vulnerabilities, and gaining better logical inference, it's a matter of time until a human or a group of humans and an LLM(s) find a plethora of zero days, some possibly unpatchable. I'm sure others have thought the same, so I'm curious just what the general zeitgeist is. I personally think any machine you haven't put online, like those 10 year old laptops in the closest, are safe. The problem is, I believe airgap will not save us either if a truly advanced system is developed. More or less I think "primitive technology" could return in various ways depending what we're talking about, like in finance, to avoid manipulation.
grasp: a simple protocol for decentralized git
Comments
LixCon 2026
Comments
Anthropic takes $5B from Amazon and pledges $100B in cloud spending in return
Article URL: https://techcrunch.com/2026/04/20/anthropic-takes-5b-from-amazon-and-pledges-100b-in-cloud-spending-in-return/ Comments URL: https://news.ycombinator.com/item?id=47848276 Points: 186 # Comments: 189
Tindie store under "scheduled maintenance" for days
89 points, 45 comments on Hacker News
Moving past bots vs. humans
As AI assistants and privacy proxies challenge the capabilities of traditional bot detection, the Web needs new models for accountability. We believe that control should remain with the client, and that an open ecosystem of anonymous credentials is key to preserving user privacy while protecting origins from abuse.
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage. The root cause of slow MTTR is almost never "not enough analysts." It is almost always the same structural problem: threat intelligence that exists
Emacs is my browser
Comments
Introducing ChatGPT Images 2.0
ChatGPT Images 2.0 introduces a state-of-the-art image generation model with improved text rendering, multilingual support, and advanced visual reasoning.
Show HN: VidStudio, a browser based video editor that doesn't upload your files
Hi HN, I built VidStudio, a privacy focused video editor that runs in the browser. I tried to keep it as frictionless as possible, so there are no accounts and no uploads. Everything is persisted on your machine. Some of the features: multi-track timeline, frame accurate seek, MP4 export, audio, video, image, and text tracks, and a WebGL backed canvas where available. It also works on mobile. Under the hood, WebCodecs handles frame decode for timeline playback and scrubbing, which is what makes seeking responsive since decode runs on the hardware decoder when the browser supports it. FFmpeg compiled to WebAssembly handles final encode, format conversion, and anything WebCodecs does not cover. Rendering goes through Pixi.js on a WebGL canvas, with a software fallback when WebGL is not available. Projects live in IndexedDB and the heavy work runs in Web Workers so the UI stays responsive during exports. Happy to answer technical questions about the tradeoffs involved in keeping the whole
Tim Cook's Impeccable Timing
John Ternus to become Apple CEO - https://news.ycombinator.com/item?id=47840219 - April 2026 (1213 comments) Comments URL: https://news.ycombinator.com/item?id=47847324 Points: 223 # Comments: 323
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing
Smoking ban for people born after 2008 in the UK agreed
Article URL: https://www.bbc.co.uk/news/articles/cn08jy6w0l5o Comments URL: https://news.ycombinator.com/item?id=47847240 Points: 23 # Comments: 33
Laws of Software Engineering
Article URL: https://lawsofsoftwareengineering.com Comments URL: https://news.ycombinator.com/item?id=47847179 Points: 108 # Comments: 29
Good architecture shouldn't need a carrot or a stick
Comments
Apple ignores DMA interoperability requests and contradicts own documentation
Article URL: https://fsfe.org/news/2026/news-20260420-01.html Comments URL: https://news.ycombinator.com/item?id=47847124 Points: 83 # Comments: 6
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
Cybersecurity researchers have discovered a new iteration of an Android malware family calledNGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated," ESET security researcher Lukáš Štefanko said in a report
A type-safe, realtime collaborative Graph Database in a CRDT
Article URL: https://codemix.com/graph Comments URL: https://news.ycombinator.com/item?id=47846946 Points: 38 # Comments: 13
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input sanitization in Antigravity's native file-searching tool, find_by_name, to bypass the program's Strict
Diverse organic molecules on Mars revealed by the first SAM TMAH experiment
55 points, 1 comments on Hacker News
Finishing Things
Comments
What is your go-to project for learning a new language?
Ive been playing around with learning a lisp language for a while, and I recently decided to go for it and learn fennel (as I already am comfortable with lua) just to see if I like lisps as a class. Normally, I try to do the first 5-10 days of a previous advent of code to pick up a lang. Setting up my advent of code environment got me wondering: what projects do other people use to learn new languages/tooling? Id love to hear how other people approach learning a new skill.
A True Life Hack: What Physical 'Life Force' Turns Biology's Wheels?
42 points, 4 comments on Hacker News
Wait is over - coreboot on the AMD StarBook
Comments
A DIY Watch You Can Actually Wear
67 points, 34 comments on Hacker News
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2023-27351 (CVSS score: 8.2) - An improper authentication vulnerability in PaperCut
Louis Zocchi, inventor of the d100, has died
Article URL: https://icv2.com/articles/news/view/62176/r-i-p-louis-zocchi-the-godfather-dice Comments URL: https://news.ycombinator.com/item?id=47845231 Points: 80 # Comments: 37
Types and Neural Networks
Article URL: https://www.brunogavranovic.com/posts/2026-04-20-types-and-neural-networks.html Comments URL: https://news.ycombinator.com/item?id=47845111 Points: 47 # Comments: 9
Command Execution via Drag-and-Drop in Terminal Emulators
Comments
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles