Engineering & Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
What is jj and why should I care?
Article URL: https://steveklabnik.github.io/jujutsu-tutorial/introduction/what-is-jj-and-why-should-i-care.html Comments URL: https://news.ycombinator.com/item?id=47763759 Points: 47 # Comments: 24
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. "Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a "velocity gap" where the density of high-impact vulnerabilities is scaling faster than
Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It
Article URL: https://ciphercue.com/blog/ransomware-claims-grew-faster-than-security-spend-2025 Comments URL: https://news.ycombinator.com/item?id=47762994 Points: 24 # Comments: 22
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions are published
Backblaze has stopped backing up your data
Article URL: https://rareese.com/posts/backblaze/ Comments URL: https://news.ycombinator.com/item?id=47762864 Points: 294 # Comments: 192
Introspective Diffusion Language Models
Article URL: https://introspective-diffusion.github.io/ Comments URL: https://news.ycombinator.com/item?id=47762641 Points: 87 # Comments: 24
5NF and Database Design
Razor1911 – Razor1911
The secrets of the Shinkansen
Article URL: https://www.worksinprogress.news/p/the-secret-behind-japans-railways Comments URL: https://news.ycombinator.com/item?id=47762060 Points: 111 # Comments: 100
Can Claude Fly a Plane?
Article URL: https://so.long.thanks.fish/can-claude-fly-a-plane/ Comments URL: https://news.ycombinator.com/item?id=47762006 Points: 6 # Comments: 0
Distributed DuckDB Instance
4 points, 1 comments on Hacker News
Roblox devs now need a subscription to share their games freely
Article URL: https://devforum.roblox.com/t/new-publishing-requirements-evaluation-process-for-games/4573166 Comments URL: https://news.ycombinator.com/item?id=47761825 Points: 4 # Comments: 1
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of
MOS tech 6502 8-bit microprocessor in pure SQL powered by Postgres
Article URL: https://github.com/lasect/pg_6502 Comments URL: https://news.ycombinator.com/item?id=47761723 Points: 39 # Comments: 3
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 (CVSS score: 9.1) - An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to
UpDown: Efficient Manycore based on Many Threading & Scalable Memory Parallelism
Article URL: https://people.cs.uchicago.edu/~aachien/lssg/research/10x10/ics26-single-chip-updown.pdf Comments URL: https://news.ycombinator.com/item?id=47761613 Points: 4 # Comments: 0
TanStack Start Now Support React Server Components
Article URL: https://tanstack.com/blog/react-server-components Comments URL: https://news.ycombinator.com/item?id=47761609 Points: 23 # Comments: 20
Math Is Still Catching Up to the Mysterious Genius of Srinivasa Ramanujan (2024)
Article URL: https://www.quantamagazine.org/srinivasa-ramanujan-was-a-genius-math-is-still-catching-up-20241021/ Comments URL: https://news.ycombinator.com/item?id=47761310 Points: 37 # Comments: 0
Hacker compromises A16Z-backed phone farm, calling them the 'antichrist'
Article URL: https://www.404media.co/hacker-compromises-a16z-backed-phone-farm-tries-to-post-memes-calling-a16z-the-antichrist/ Comments URL: https://news.ycombinator.com/item?id=47760925 Points: 122 # Comments: 32
A new spam policy for "back button hijacking"
Article URL: https://developers.google.com/search/blog/2026/04/back-button-hijacking Comments URL: https://news.ycombinator.com/item?id=47760764 Points: 196 # Comments: 104
Sometimes powerful people just do dumb shit
Article URL: https://www.joanwestenberg.com/sometimes-powerful-people-just-do-dumb-shit/ Comments URL: https://news.ycombinator.com/item?id=47760750 Points: 104 # Comments: 28
No one can force me to have a secure website
Additional context: https://www.youtube.com/watch?v=M1si1y5lvkk
DaVinci Resolve releases Photo Editor
Article URL: https://www.blackmagicdesign.com/products/davinciresolve/photo Comments URL: https://news.ycombinator.com/item?id=47760529 Points: 335 # Comments: 75
Rewriting Every Syscall in a Linux Binary at Load Time
61 points, 25 comments on Hacker News
Trusted access for the next era of cyber defense
OpenAI expands its Trusted Access for Cyber program, introducing GPT-5.4-Cyber to vetted defenders and strengthening safeguards as AI cybersecurity capabilities advance.
30 Years of HPC: many hardware advances, little adoption of new languages
13 points, 0 comments on Hacker News
The dangers of California's legislation to censor 3D printing
195 points, 217 comments on Hacker News
Why it's impossible to measure England's coastline
Article URL: https://www.bbc.com/travel/article/20260410-why-its-impossible-to-measure-englands-coastline Comments URL: https://news.ycombinator.com/item?id=47759416 Points: 6 # Comments: 3
SnapState - Persistent state for AI agent workflows
Article URL: https://snapstate.dev Comments URL: https://news.ycombinator.com/item?id=47759400 Points: 5 # Comments: 0
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles