Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
If you're running OpenClaw, you probably got hacked in the last week
Article URL: https://old.reddit.com/r/sysadmin/comments/1sbdw29/if_youre_running_openclaw_you_probably_got_hacked/ Comments URL: https://news.ycombinator.com/item?id=47628608 Points: 98 # Comments: 42
OpenClaw privilege-escalation bug
228 points, 151 comments on Hacker News
Baby’s Second Garbage Collector
Comments
F-15E jet shot down over Iran
Article URL: https://www.theguardian.com/world/2026/apr/03/us-fighter-jet-confirmed-shot-down-over-iran Comments URL: https://news.ycombinator.com/item?id=47628326 Points: 41 # Comments: 152
The uphill climb of making diff lines performant
The path to better performance is often found in simplicity. The post The uphill climb of making diff lines performant appeared first on The GitHub Blog.
Signals, the push-pull based algorithm
Comments
VOID: Video Object and Interaction Deletion
135 points, 42 comments on Hacker News
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution,
Porting Go's strings package to C
14 points, 2 comments on Hacker News
Build your own Dial-up ISP with a Raspberry Pi
Article URL: https://www.jeffgeerling.com/blog/2026/build-your-own-dial-up-isp-with-a-raspberry-pi/ Comments URL: https://news.ycombinator.com/item?id=47627527 Points: 14 # Comments: 1
Claude Code Found a Linux Vulnerability Hidden for 23 Years
Comments
Slap: Functional Concatenative Language... with a Borrow Checker?
Comments
Solar and batteries can power the world
Article URL: https://nworbmot.org/blog/solar-battery-world.html Comments URL: https://news.ycombinator.com/item?id=47627061 Points: 202 # Comments: 287
Big-Endian Testing with QEMU
Article URL: https://www.hanshq.net/big-endian-qemu.html Comments URL: https://news.ycombinator.com/item?id=47626462 Points: 57 # Comments: 41
Show HN: I built a frontpage for personal blogs
With social media and now AI, its important to keep the indie web alive. There are many people who write frequently. Blogosphere tries to highlight them by fetching the recent posts from personal blogs across many categories. There are two versions: Minimal (HN-inspired, fast, static): https://text.blogosphere.app/ Non-minimal: https://blogosphere.app/ If you don't find your blog (or your favorite ones), please add them. I will review and approve it. Comments URL: https://news.ycombinator.com/item?id=47625952 Points: 418 # Comments: 129
Lisette — Rust syntax, Go runtime
Comments
TDF ejects its core developers
Article URL: https://meeksfamily.uk/~michael/blog/2026-04-02-tdf-ejects-core-devs.html Comments URL: https://news.ycombinator.com/item?id=47625639 Points: 112 # Comments: 78
H.264 Streaming Fees: What Changed, Who's Affected, and What It Means
Article URL: https://www.streamingmedia.com/Articles/ReadArticle.aspx?ArticleID=173935 Comments URL: https://news.ycombinator.com/item?id=47625385 Points: 18 # Comments: 5
What are you doing this weekend?
Feel free to tell what you plan on doing this weekend and even ask for help or feedback. Please keep in mind it’s more than OK to do nothing at all too!
Bun: cgroup-aware AvailableParallelism / HardwareConcurrency on Linux
Article URL: https://github.com/oven-sh/bun/pull/28801 Comments URL: https://news.ycombinator.com/item?id=47625311 Points: 33 # Comments: 12
Idiomatic Lisp and the nbody benchmark
Comments
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of a
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it. Cynomi's new guide, Securing the Modern Perimeter: The Rise of Third-Party
'Fatal decision': EU slammed for caving to US pressure on digital rules
Article URL: https://www.politico.eu/article/fatal-decision-eu-slammed-for-caving-to-us-pressure-on-digital-rules/ Comments URL: https://news.ycombinator.com/item?id=47625244 Points: 34 # Comments: 13
Switzerland hosts 'CERN of semiconductor research'
Article URL: https://www.swissinfo.ch/eng/swiss-ai/switzerland-hosts-cern-of-semiconductor-research/91015332 Comments URL: https://news.ycombinator.com/item?id=47624879 Points: 20 # Comments: 4
Adobe wrote to my hosts file
Comments
SSH certificates: the better SSH experience
Comments
Category Theory Illustrated – Types
Article URL: https://abuseofnotation.github.io/category-theory-illustrated/06_type/ Comments URL: https://news.ycombinator.com/item?id=47624804 Points: 43 # Comments: 1
Tree Calculus
13 points, 2 comments on Hacker News
Show HN: European alternatives to Google, Apple, Dropbox and 120 US apps
Article URL: https://only-eu.eu/en/ Comments URL: https://news.ycombinator.com/item?id=47624741 Points: 246 # Comments: 89
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles