Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
From bytecode to bytes: automated magic packet generation
By applying symbolic execution and the Z3 theorem prover to BPF bytecode, we’ve automated the generation of malware trigger packets, cutting analysis time from hours to seconds.
LLM plays an 8-bit Commander X16 game using structured "smart senses"
I connected the ChatGPT API (model gpt-4o) to an 8-bit shoot-'em-up game, PvP-AI, running on a Commander X16 emulator. Instead of pixels or audio, the model receives structured text summaries, what I’m calling "smart senses", based on the game's existing touch and EMF-style inputs. The LLM maintains notes between turns, develops strategies across games, and even discovers an exploit in the built-in AI's behavior. Write-up, technical details, and three sequential gameplay recordings: https://pvp-ai.russell-harper.com/#v3 Comments URL: https://news.ycombinator.com/item?id=47689550 Points: 11 # Comments: 0
Show HN: Skrun – Deploy any agent skill as an API
Article URL: https://github.com/skrun-dev/skrun Comments URL: https://news.ycombinator.com/item?id=47689319 Points: 41 # Comments: 9
US cities are axing Flock Safety surveillance technology
Article URL: https://www.cnet.com/home/security/when-flock-comes-to-town-why-cities-are-axing-the-controversial-surveillance-technology/ Comments URL: https://news.ycombinator.com/item?id=47689237 Points: 453 # Comments: 253
MegaTrain: Full Precision Training of 100B+ Parameter LLMs on a Single GPU
4 points, 0 comments on Hacker News
Show HN: I pipe free sports streams into Jellyfin – no ads, just HLS
Article URL: https://github.com/pcruz1905/hls-restream-proxy Comments URL: https://news.ycombinator.com/item?id=47689165 Points: 69 # Comments: 20
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and
They're Made Out of Meat (1991)
238 points, 83 comments on Hacker News
Struggle Against the Gods
Article URL: https://firstthings.com/struggle-against-the-gods/ Comments URL: https://news.ycombinator.com/item?id=47687755 Points: 32 # Comments: 2
I've sold out
Article URL: https://mariozechner.at/posts/2026-04-08-ive-sold-out/ Comments URL: https://news.ycombinator.com/item?id=47687533 Points: 134 # Comments: 79
Under the hood of MDN's new frontend
Comments
Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities. The model will be used by a small set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike,&
Mario and Earendil
Article URL: https://lucumr.pocoo.org/2026/4/8/mario-and-earendil/ Comments URL: https://news.ycombinator.com/item?id=47687464 Points: 14 # Comments: 6
Volunteers turn a fan's recordings of 10K concerts into an online treasure trove
131 points, 12 comments on Hacker News
Git commands I run before reading any code
Article URL: https://piechowski.io/post/git-commands-before-reading-code/ Comments URL: https://news.ycombinator.com/item?id=47687273 Points: 390 # Comments: 88
Škoda DuoBell: A bicycle bell that penetrates noise-cancelling headphones
381 points, 459 comments on Hacker News
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer tooling [...], while quietly functioning as malware loaders, extending Contagious Interview’s established playbook into a coordinated
Applying "Programming Without Pointers" to an mbox indexer using Zig
Comments
Veracrypt project update
Article URL: https://sourceforge.net/p/veracrypt/discussion/general/thread/9620d7a4b3/ Comments URL: https://news.ycombinator.com/item?id=47686549 Points: 465 # Comments: 138
C++: Freestanding Standard Library
32 points, 4 comments on Hacker News
The Art of Risk Management (2017)
26 points, 6 comments on Hacker News
Investigating Split Locks on x86-64
46 points, 11 comments on Hacker News
1SubML: Plan vs Reality
Comments
We moved Railway's frontend off Next.js. Builds went from 10+ mins to under 2
115 points, 96 comments on Hacker News
Razor1911 [video]
5 points, 6 comments on Hacker News
Introduction to Nintendo DS Programming
24 points, 2 comments on Hacker News
Introducing the Child Safety Blueprint
Discover OpenAI’s Child Safety Blueprint—a roadmap for building AI responsibly with safeguards, age-appropriate design, and collaboration to protect and empower young people online.
Who is Satoshi Nakamoto? My quest to unmask Bitcoin's creator
282 points, 198 comments on Hacker News
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial
One Brain to Query: Wiring a 60-Person Company into a Single Slack Bot
32 points, 32 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles