Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Mean Hand
Comments
Introducing new capabilities to GPT-Rosalind
GPT-Rosalind advances life sciences research with enhanced biological reasoning, medicinal chemistry expertise, genomics analysis, and experimental workflow capabilities.
Show HN: Tired of duct-taping access control into agent prompts. Here's the fix
Article URL: https://github.com/yaodub/cast Comments URL: https://news.ycombinator.com/item?id=48383471 Points: 10 # Comments: 13
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones," security researcher Ammar Askar said. GitHub supports a feature called GitHub.dev that runs as
32GB of DDR5 now costs $375 – AI shortage continues to squeeze PC building
Article URL: https://www.tomshardware.com/pc-components/ddr5/32gb-of-ddr5-now-costs-usd375-minimum-ai-shortage-continues-to-squeeze-pc-building Comments URL: https://news.ycombinator.com/item?id=48383241 Points: 154 # Comments: 176
Meta workers can opt out of being tracked at work up to 30 min
341 points, 306 comments on Hacker News
Uber's $1,500/month AI limit is a useful signal for AI tool pricing
276 points, 345 comments on Hacker News
Piramidal (YC W24) – Software Engineers – NYC Onsite
Comments URL: https://news.ycombinator.com/item?id=48382853 Points: 0 # Comments: 0
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and beyond the reach of
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does. That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit
Presentation: Choosing Your AI Copilot: Maximizing Developer Productivity
Sepehr Khosravi discusses the evolution of developer productivity tools. Evaluating the strengths of tools like Cursor and Claude Code, he explains actionable techniques for senior engineers - including context engineering, custom rules, and Model Context Protocol (MCP) integrations. He shares real-world benchmarks and strategic frameworks for balancing AI adoption with clean code quality. By Sepehr Khosravi
Every Byte Matters
158 points, 75 comments on Hacker News
Hacking your PC using your speaker without ever touching it
414 points, 74 comments on Hacker News
What I've learned about the trombone
44 points, 35 comments on Hacker News
PlayStation Architecture
141 points, 24 comments on Hacker News
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool's ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress. CVE-2026-33829 refers to a spoofing vulnerability that could expose
.furry - A Top-Level Domain for furries
Comments
WSL containers, Coreutils for Windows, and agents
Comments
A blueprint for democratic governance of frontier AI
OpenAI outlines a blueprint for U.S. governance of frontier AI, proposing a federal framework for safety, resilience, and national security.
OpenAI public policy agenda
OpenAI outlines its public policy agenda for AI, including safety, youth protection, workforce transition, and global standards to ensure AI benefits society.
How TypeScript distributes unions
Comments
Article: Two Misconfigurations That Caused Spark OOM Failures on Kubernetes
After migrating Spark pipelines to Azure Kubernetes Service, two infrastructure settings interacted destructively: spark.kubernetes.local.dirs.tmpfs=true backed shuffle spill with RAM instead of disk, and a hard podAffinity rule forced all executors onto one node. Together, they caused repeated OOM kills invisible to standard diagnostics. By Pranav Bhasker
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's default HTTP/2 configuration," the company said, adding it was discovered by OpenAI Codex by chaining
It is an amazing time for programmers
Article URL: https://46elks.com/blog/2026/05/29/an-amazing-time-for-programmers Comments URL: https://news.ycombinator.com/item?id=48381211 Points: 46 # Comments: 27
Revealing the frontier with stacks and queues
Comments
Gleam v1.17 - Single file Gleam BEAM programs with escript
Comments
Node.js Moves to One Major Release Per Year, Starting with Node 27
Node.js will change its release schedule starting with version 27 in October 2026, moving from two major releases per year to one. All releases will become Long-Term Support (LTS), removing the distinction between odd and even versions. An Alpha channel for early testing will also be introduced. This decision addresses maintenance challenges and aims to align with user needs. By Daniel Curtis
Leiden Declaration on Artificial Intelligence and Mathematics
87 points, 42 comments on Hacker News
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820
Microsoft Doubles Down on Controversial Quantum Computing Claims
Article URL: https://www.science.org/content/article/doubling-down-controversial-claims-microsoft-accelerates-quantum-computing-plans Comments URL: https://news.ycombinator.com/item?id=48380516 Points: 28 # Comments: 27
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles