Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
MAI-Thinking-1
https://microsoft.ai/wp-content/uploads/2026/06/main_2026060... Launching seven new MAI models: https://microsoft.ai/news/building-a-hillclimbing-machine-la... Comments URL: https://news.ycombinator.com/item?id=48374362 Points: 139 # Comments: 54
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an
Microsoft announces Scout, an autonomous AI agent built on OpenClaw
https://www.microsoft.com/en-us/microsoft-365/blog/2026/06/0... https://www.404media.co/microsoft-wants-to-make-people-addic... https://www.wired.com/story/meet-microsoft-scout-your-ai-cow... (https://web.archive.org/web/20260602180553/https://www.wired...) Comments URL: https://news.ycombinator.com/item?id=48374079 Points: 65 # Comments: 58
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was
GitHub Copilot App
Article URL: https://github.com/features/preview/github-app Comments URL: https://news.ycombinator.com/item?id=48373764 Points: 85 # Comments: 56
Bringing Up DeepSeek-V4-Flash on AMD MI300X
Article URL: https://fergusfinn.com/blog/deepseek-v4-flash-mi300x/ Comments URL: https://news.ycombinator.com/item?id=48373675 Points: 62 # Comments: 6
Show HN: RePlaya – self-hosted browser session replay with live tailing
Hi HN, I'm one of the founders of s2.dev. RePlaya (https://github.com/s2-streamstore/replaya) is a self-hosted browser session replay tool using rrweb (https://github.com/rrweb-io/rrweb). It occurred to me that a durable stream per session would be a much neater architectural foundation for much of what you'd want from such a tool. As a unique feature, it also made live tailing straightforward because the player can read from the same stream the recorder is appending to. The alternative architecture is likely an ingest firehose which is then indexed, with associated complexity and latency. You'd have to string together multiple data systems like a message queue, a metadata database, and blob storage and/or an OLAP database. Here the only dependency is S2, which has an open source version you can self-host called s2-lite (https://news.ycombinator.com/item?id=46708055). How it works: - one S2 stream per browser session - large rrweb events (like a full snapshot) get framed across multipl
revo, the programming language
Comments
GitHub Copilot app: The agent-native desktop experience
At Microsoft Build 2026, GitHub introduced new tools, updates, and surfaces so agents can work the way you already work. The post GitHub Copilot app: The agent-native desktop experience appeared first on The GitHub Blog.
Self-calling executables
Comments
Trump signs downsized AI order after weeks of reversals
https://www.whitehouse.gov/presidential-actions/2026/06/prom... https://www.nytimes.com/2026/06/02/technology/trump-executiv... Comments URL: https://news.ycombinator.com/item?id=48372628 Points: 132 # Comments: 88
iddqd, or the hardest kind of unsafe Rust
Comments
How we index images for RAG
51 points, 7 comments on Hacker News
Show HN: Live breath detection and biofeedback from a phone microphone
15 points, 5 comments on Hacker News
Americans don't know how to fight AI. So they're fighting data centers
Article URL: https://www.vox.com/future-perfect/490350/data-center-moratoria-ai-backlash Comments URL: https://news.ycombinator.com/item?id=48371592 Points: 29 # Comments: 2
1-Click GitHub Token Stealing via a VSCode Bug
91 points, 13 comments on Hacker News
Meta repeatedly snubs EU body over Facebook and Instagram user bans
Article URL: https://www.bbc.com/news/articles/c152yvwjwkko Comments URL: https://news.ycombinator.com/item?id=48371224 Points: 47 # Comments: 44
Preparing for KDE Plasma's Last X11-Supported Release
Article URL: https://blog.davidedmundson.co.uk/blog/596/ Comments URL: https://news.ycombinator.com/item?id=48370588 Points: 38 # Comments: 17
Memory safety is a matter of life and death
Comments
Fidonet: Technology, Use, Tools, and History (1993)
Article URL: https://www.fidonet.org/inet92_Randy_Bush.txt Comments URL: https://news.ycombinator.com/item?id=48370291 Points: 60 # Comments: 11
A walking tour of surveillance infrastructure in Seattle
Article URL: https://coveillance.org/a-walking-tour-of-surveillance-infrastructure-in-seattle/ Comments URL: https://news.ycombinator.com/item?id=48369980 Points: 85 # Comments: 23
Expanding Project Glasswing
Article URL: https://www.anthropic.com/news/expanding-project-glasswing Comments URL: https://news.ycombinator.com/item?id=48369863 Points: 64 # Comments: 63
Presentation: The Human Toll of Incidents & Ways To Mitigate It
Kyle Lexmond explains how to handle the high-pressure environment of severe production outages. He discusses the critical distinction between mitigation and root-cause resolution, sharing personal experiences from harrowing incident rooms. He shares valuable operational strategies on overcoming cognitive overload, establishing blameless cultures, and optimizing systems for faster recovery. By Kyle Lexmond
Great Question (YC W21) Is Hiring Applied AI Interns
Article URL: https://www.ycombinator.com/companies/great-question/jobs/J5TNvQH-ai-engineer-intern Comments URL: https://news.ycombinator.com/item?id=48369098 Points: 0 # Comments: 0
Apple rejected my dictation app for using the accessibility API
Article URL: https://www.mitmllc.com/blog/apple-rejected-my-dictation-app/ Comments URL: https://news.ycombinator.com/item?id=48369088 Points: 205 # Comments: 123
OpenTelemetry Launches “Blueprints” Initiative to Simplify Enterprise Observability Adoption
OpenTelemetry has introduced a new "Blueprints" initiative aimed at reducing the growing complexity of deploying and operating observability systems at scale. By Craig Risi
Travelers deploys AI-powered claims countrywide with OpenAI
Travelers built an AI-powered Claim Assistant with OpenAI to guide customers through filing claims, provide 24/7 support, and scale operations during peak demand.
AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days. The industry's
Vim Classic 8.3 released
Comments
How Leading Organizations Are Turning EDR Into Operational Resilience
Most organizations now recognize that endpoint protection alone is no longer sufficient. That's why adoption of endpoint detection and response (EDR) has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention controls, and require continuous visibility into suspicious activity across the environment. But owning EDR
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles