Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
A game with programmable space combat written in Go
Comments
Show HN: Flight-Viz – 10K flights on a 3D globe in 3.5MB of Rust+WASM
I built a real-time flight tracker that renders 10,000+ aircraft on an interactive 3D globe, entirely in the browser using Rust compiled to WebAssembly. Comments URL: https://news.ycombinator.com/item?id=47603966 Points: 57 # Comments: 30
AI for American-Produced Cement and Concrete
Article URL: https://engineering.fb.com/2026/03/30/data-center-engineering/ai-for-american-produced-cement-and-concrete/ Comments URL: https://news.ycombinator.com/item?id=47603737 Points: 56 # Comments: 44
NASA Artemis II moon mission live launch broadcast
Article URL: https://plus.nasa.gov/scheduled-video/nasas-artemis-ii-crew-launches-to-the-moon-official-broadcast/ Comments URL: https://news.ycombinator.com/item?id=47603657 Points: 129 # Comments: 54
Live: Artemis II Launch Day Updates
827 points, 739 comments on Hacker News
What Is Copilot Exactly?
Article URL: https://idiallo.com/blog/what-is-copilot-exactly Comments URL: https://news.ycombinator.com/item?id=47603231 Points: 61 # Comments: 37
Timesliced reservoir sampling: a new(?) algorithm for profilers
Comments
Show HN: Real-time dashboard for Claude Code agent teams
This project (Agents Observe) started as an exploration into building automation harnesses around claude code. I needed a way to see exactly what teams of agents were doing in realtime and to filter and search their output. A few interesting learnings from building and using this: - Claude code hooks are blocking - performance degrades rapidly if you have a lot of plugins that use hooks - Hooks provide a lot more useful info than OTEL data - Claude's jsonl files provide the full picture - Lifecycle management of MCP processes started by plugins is a bit kludgy at best The biggest takeaway is how much of a difference it made in claude performance when I switched to background (fire and forget) hooks and removed all other plugins. It's easy to forget how many claude plugins I've installed and how they effect performance. The Agents Observe plugin uses docker to start the API and dashboard service. This is a pattern I'd love to see used more often for security (think Axios hack) reasons.
StepFun 3.5 Flash is #1 cost-effective model for OpenClaw tasks (300 battles)
Article URL: https://app.uniclaw.ai/arena?tab=costEffectiveness&via=hn Comments URL: https://news.ycombinator.com/item?id=47602879 Points: 78 # Comments: 29
EmDash – a spiritual successor to WordPress that solves plugin security
Article URL: https://blog.cloudflare.com/emdash-wordpress/ Comments URL: https://news.ycombinator.com/item?id=47602832 Points: 239 # Comments: 140
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors, tracked as UAC-0255, sent emails on March 26 and 27, 2026, posing as CERT-UA to distribute a password-protected ZIP archive
The OpenAI Graveyard: All the Deals and Products That Haven't Happened
Article URL: https://www.forbes.com/sites/phoebeliu/2026/03/31/openai-graveyard-deals-and-products-havent-happened-openai/ Comments URL: https://news.ycombinator.com/item?id=47602565 Points: 127 # Comments: 80
Ask HN: Who is hiring? (April 2026)
Please state the location and include REMOTE for remote work, REMOTE (US) or similar if the country is restricted, and ONSITE when remote work is not an option. Please only post if you personally are part of the hiring company—no recruiting firms or job boards. One post per company. If it isn't a household name, explain what your company does. Please only post if you are actively filling a position and are committed to replying to applicants. Commenters: please don't reply to job posts to complain about something. It's off topic here. Readers: please only email if you are personally interested in the job. Searchers: try http://nchelluri.github.io/hnjobs/, https://hnjobs.emilburzo.com, or this (unofficial) Chrome extension: https://chromewebstore.google.com/detail/hn-hiring-pro/mpfal.... Don't miss this other fine thread: Who wants to be hired? https://news.ycombinator.com/item?id=47601858 Comments URL: https://news.ycombinator.com/item?id=47601859 Points: 110 # Comments: 92
Run multiple agents at once with /fleet in Copilot CLI
/fleet lets Copilot CLI dispatch multiple agents in parallel. Learn how to write prompts that split work across files, declare dependencies, and avoid common pitfalls. The post Run multiple agents at once with /fleet in Copilot CLI appeared first on The GitHub Blog.
The Cathedral, the Bazaar, and the Winchester Mystery House
8 points, 2 comments on Hacker News
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It's currently not known what lures the threat actors use to trick users into
Linear types proposal for Hare
Comments
Is BGP safe yet?
Article URL: https://isbgpsafeyet.com/ Comments URL: https://news.ycombinator.com/item?id=47600382 Points: 196 # Comments: 67
Our ongoing commitment to privacy for the 1.1.1.1 public DNS resolver
Eight years ago, we launched 1.1.1.1 to build a faster, more private Internet. Today, we’re sharing the results of our latest independent examination. The result: our privacy protections are working exactly as promised.
Block the Prompt, Not the Work: The End of "Doctor No"
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache &
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro in
Show HN: Sycamore – next gen Rust UI library powered by fine-grained reactivity
5 points, 0 comments on Hacker News
Wasmer (YC S19) Is Hiring – Rust and DevRel Positions
Article URL: https://www.workatastartup.com/companies/wasmer Comments URL: https://news.ycombinator.com/item?id=47599673 Points: 0 # Comments: 0
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. "Use-after-free in Dawn in Google Chrome prior
A Mysterious Numbers Station Is Broadcasting Through the Iran War
Article URL: https://www.wired.com/story/a-mysterious-numbers-station-is-broadcasting-through-the-iran-war/ Comments URL: https://news.ycombinator.com/item?id=47599510 Points: 20 # Comments: 6
Random numbers, Persian code: A mysterious signal transfixes radio sleuths
https://www.wired.com/story/a-mysterious-numbers-station-is-... Comments URL: https://news.ycombinator.com/item?id=47599510 Points: 73 # Comments: 78
coreutils: a comprehensive review (2023)
Comments
Don't Let AI Write For You
Comments
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising alarms. Most
SQLite DB: simple, in-process, reliable, fast (2024)
Comments
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles