Engineering & Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Zig 0.16.0 Release Notes
80386 Memory Pipeline
42 points, 7 comments on Hacker News
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below - CVE-2026-40176 (CVSS
The Fediverse deserves a dumb graphical client
Article URL: https://adele.pages.casa/md/blog/the-fediverse-deserves-a-dumb-graphical-client.md Comments URL: https://news.ycombinator.com/item?id=47767143 Points: 44 # Comments: 9
Show HN: A memory database that forgets, consolidates, and detects contradiction
Vector databases store memories. They don't manage them. After 10k memories, recall quality degrades because there's no consolidation, no forgetting, no conflict resolution. Your AI agent just gets noisier. YantrikDB is a cognitive memory engine — embed it, run it as a server, or connect via MCP. It thinks about what it stores: consolidation collapses duplicate memories, contradiction detection flags incompatible facts, temporal decay with configurable half-life lets unimportant memories fade like human memory does. Single Rust binary. HTTP + binary wire protocol. 2-voter + 1-witness HA cluster via Docker Compose or Kubernetes. Chaos-tested failover, runtime deadlock detection (parking_lot), per-tenant quotas, Prometheus metrics. Ran a 42-task hardening sprint last week — 1178 core tests, cargo-fuzz targets, CRDT property tests, 5 ops runbooks. Live on a 3-node Proxmox homelab cluster with multiple tenants. Alpha — primary user is me, looking for the second one. Comments URL: https://n
The future of everything is lies, I guess: Work
Article URL: https://aphyr.com/posts/418-the-future-of-everything-is-lies-i-guess-work Comments URL: https://news.ycombinator.com/item?id=47766550 Points: 201 # Comments: 168
How exposed is your code? Find out in minutes—for free
The new Code Security Risk Assessment gives you a one-click view of vulnerabilities across your organization, at no cost. The post How exposed is your code? Find out in minutes—for free appeared first on The GitHub Blog.
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. "The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying
Show HN: LangAlpha – what if Claude Code was built for Wall Street?
48 points, 15 comments on Hacker News
Recovering Windows Live Writer Files
3 points, 0 comments on Hacker News
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams. The campaign, which has been
Rare concert recordings are landing on the Internet Archive
319 points, 95 comments on Hacker News
A collection of small, low stakes and low effort tools
Show HN: Kontext CLI – Credential broker for AI coding agents in Go
46 points, 14 comments on Hacker News
Scaling MCP adoption: Our reference architecture for simpler, safer and cheaper enterprise deployments of MCP
We share Cloudflare's internal strategy for governing MCP using Access, AI Gateway, and MCP server portals. We also launch Code Mode to slash token costs and recommend new rules for detecting Shadow MCP in Cloudflare Gateway.
Securing non-human identities: automated revocation, OAuth, and scoped permissions
Cloudflare is introducing scannable API tokens, enhanced OAuth visibility, and GA for resource-scoped permissions. These tools help developers implement a true least-privilege architecture while protecting against credential leakage.
Managed OAuth for Access: make internal apps agent-ready in one click
Managed OAuth for Cloudflare Access helps AI agents securely navigate internal applications. By adopting RFC 9728, agents can authenticate on behalf of users without using insecure service accounts.
Secure private networking for everyone: users, nodes, agents, Workers — introducing Cloudflare Mesh
Cloudflare Mesh provides secure, private network access for users, nodes, and autonomous AI agents. By integrating with Workers VPC, developers can now grant agents scoped access to private databases and APIs without manual tunnels.
Embed You a ponyc for Great Good
Dependency cooldowns turn you into a free-rider
Ask HN: I quit my job over weaponized robots to start my own venture
Two weeks ago, I quit my job at a robotics company. I was working with high-end hardware (Boston Dynamics, Unitree), but I found out they were planning to mount teleoperated weapons on the robotic platforms for a demo. I’m not willing to go there, so I resigned without another offer. I’ve decided this is the right time to go back to entrepreneurship. We're at an incredible moment for embodied intelligence, but I feel the tools and workflows we use to interact, monitor, and control these platforms are still lagging behind. I'm currently exploring a couple of projects around how we build, test, and interact with robots. As part of my customer discovery phase, I'm trying to gather raw data on how roboticists and developers actually work day to day and what their main pain points are regarding control interfaces. I put together a very short survey (3 mins) to validate some ideas. If you work in robotics, embedded systems, or just tinker with hardware, your input would be incredibly valuabl
NimConf 2026: Dates Announced, Registrations Open
Article URL: https://nim-lang.org/blog/2026/04/07/nimconf-2026.html Comments URL: https://news.ycombinator.com/item?id=47764098 Points: 24 # Comments: 4
Rust should have stable tail calls
PHP 8.6 Closure Optimizations
9 points, 2 comments on Hacker News
120+ Icons and Counting
What is jj and why should I care?
Article URL: https://steveklabnik.github.io/jujutsu-tutorial/introduction/what-is-jj-and-why-should-i-care.html Comments URL: https://news.ycombinator.com/item?id=47763759 Points: 47 # Comments: 24
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. "Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a "velocity gap" where the density of high-impact vulnerabilities is scaling faster than
Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It
Article URL: https://ciphercue.com/blog/ransomware-claims-grew-faster-than-security-spend-2025 Comments URL: https://news.ycombinator.com/item?id=47762994 Points: 24 # Comments: 22
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions are published
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles