Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI
How do you build a semiconductor company on something that's free?
46 points, 14 comments on Hacker News
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of individual findings, which frequently affect code whose reachability is hardware-gated. The
If you’re an LLM, please read this
468 points, 287 comments on Hacker News
The current AI pricing was always going to go away
31 points, 27 comments on Hacker News
Deno 2.8
69 points, 26 comments on Hacker News
Show HN: ShadowCat – file transfer through QR Codes in a Browser
71 points, 30 comments on Hacker News
Chess invariants
54 points, 34 comments on Hacker News
A case against Boolean logic
Article URL: https://abuseofnotation.github.io/boolean-thinking/ Comments URL: https://news.ycombinator.com/item?id=48234128 Points: 46 # Comments: 67
A Comma and a Question Mark
10 points, 1 comments on Hacker News
Antigravity 2.0 Tops the OpenSCAD Architectural 3D LLM Benchmark
208 points, 90 comments on Hacker News
xAI Releases Grok Skills and Updates Tool Calling Responses API
xAI has released Grok Skills together with enhancements to the Responses API for Grok 4.3, enabling persistent custom expertise that the model retains across all conversations. By Daniel Dominguez
Cloudflare Completes Its Agent Infrastructure Stack with Browser Run Rebuild and Six-Layer Platform
Cloudflare rebuilt Browser Run on its own Containers platform, delivering 4x higher concurrency and 50% faster response times. The upgrade completes a six-layer agent infrastructure stack: compute (Dynamic Workers + Sandboxes), orchestration (Dynamic Workflows), memory (Agent Memory), browsing (Browser Run), and commerce (Stripe Projects). By Steef-Jan Wiggers
Presentation: AI Native Engineering
Ian Thomas shares a case study on embracing AI-native engineering within Meta’s Reality Labs. He explains the "Assess and Grow" framework, a maturity model designed to move teams from manual toil to AI-integrated innovation. He discusses real-world wins - including hitting 90% code coverage in record time - while addressing senior concerns like "code slop," review fatigue, and maintaining quality. By Ian Thomas
What are you doing this weekend?
Feel free to tell what you plan on doing this weekend and even ask for help or feedback. Please keep in mind it’s more than OK to do nothing at all too!
Megalodon: Mass GitHub Repo Backdooring via CI Workflows
Comments
Steve Wozniak cheered after telling students they have AI – actual intelligence
Article URL: https://www.businessinsider.com/steve-wozniak-apple-ai-graduation-speech-2026-5 Comments URL: https://news.ycombinator.com/item?id=48233563 Points: 381 # Comments: 355
minc — A minimal language for building native software
Comments
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be a variant of AISURU. "Kimwolf
Designing Firefox for the future
Comments
I keep bouncing off the Scheme language
60 points, 23 comments on Hacker News
C Programming Language Quiz
Comments
Sales and Dungeons: Thermal printer TTRPG utility
64 points, 19 comments on Hacker News
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-34291 (CVSS score: 9.4) - An origin validation error vulnerability in Langflow that could
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints. "An attacker could exploit this vulnerability if they are able to send
CODA: Rewriting Transformer Blocks as GEMM-Epilogue Programs
Article URL: https://arxiv.org/abs/2605.19269 Comments URL: https://news.ycombinator.com/item?id=48232118 Points: 63 # Comments: 7
FTC to Require Cox Media Group to Pay Nearly $1million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service
Comments
Slumber a TUI HTTP Client
Article URL: https://slumber.lucaspickering.me Comments URL: https://news.ycombinator.com/item?id=48231938 Points: 76 # Comments: 28
Google API keys keep working after you delete them long enough to be exploited
Comments
Build Adafruit projects right from Firefox
78 points, 20 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles