Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
I’ve joined Anthropic
Article URL: https://twitter.com/karpathy/status/2056753169888334312 Comments URL: https://news.ycombinator.com/item?id=48194352 Points: 312 # Comments: 106
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that it was a duplicate of a vulnerability that had
Why is almost everyone right-handed?
Article URL: https://www.ox.ac.uk/news/2026-05-15-why-is-almost-everyone-right-handed-the-answer-may-lie-in-how-we-learned-to-walk Comments URL: https://news.ycombinator.com/item?id=48194098 Points: 4 # Comments: 2
Tristan Davey's Punch Card Archive
6 points, 1 comments on Hacker News
Type out the code
Comments
What would you want from a forge?
(This is more or less open ended, but sorta directed to users of Jujutsu and other version control systems. However, if you have a workflow with pure Git that isn't covered by many major forges, I'd appreciate hearing them too!) I'm referring to features related to version control and the presentation/behavior of repositories itself, rather than things like SPA/JS vs server-rendered HTML, etc. There have been many ideas in this space, such as Tangled, GitHub's stacked PRs, forgefed, etc., but I haven't found a place where people really voice their opinions and discuss on the design itself. While stacked PRs/MRs, alternative collaboration models, etc., are definitely on-topic, I've found almost no discussion on, e.g., the presentation of tags/commits/tree/blobs themselves, which seem to be largely uniform across forges other than minor formatting differences.
Agoda Builds Multimodal Content System to Bridge Images and Reviews in Travel Discovery
Agoda Multimodal Content System https://example.com/agoda-multimodal-content-system Agoda unifies hotel images and guest reviews using a shared topic taxonomy, enabling multimodal retrieval across 700M+ images and multilingual reviews with offline enrichment and low-latency serving. By Leela Kumili
Iran demands Big Tech pay fees for undersea Internet cables in Strait of Hormuz
Article URL: https://arstechnica.com/tech-policy/2026/05/iran-demands-big-tech-pay-fees-for-undersea-internet-cables-in-strait-of-hormuz/ Comments URL: https://news.ycombinator.com/item?id=48193578 Points: 46 # Comments: 34
Show HN: I made a 3D pose maker for artists
Article URL: https://setpose.com/ Comments URL: https://news.ycombinator.com/item?id=48193474 Points: 35 # Comments: 16
The Super Tiny Compiler, but in Ada
Comments
OpenBSD 7.9
Article URL: https://www.openbsd.org/79.html Comments URL: https://news.ycombinator.com/item?id=48192882 Points: 211 # Comments: 113
Announcing Claude Managed Agents on Cloudflare
Cloudflare has integrated with Anthropic's Claude Managed Agents to provide a fast, isolated execution environment for autonomous code delivery. This means builders can scale agent workflows globally while strictly controlling access to private backends and easily customizing their agent’s tools and runtimes.
Software's Centaur Era
Comments
The Death of the Brick and Mortar Toy Store
43 points, 30 comments on Hacker News
Presentation: Powering the Future: Building Your GenAI Infrastructure Stack
Merrin Kurian shares the architectural blueprints and organizational processes behind Intuit’s AI transformation. She explains the "fixed, flexible, free" framework used to scale GenOS across 8,000 developers, enabling 3,500+ production experiments. She discusses critical agent failure modes, the "LLM-as-a-judge" evaluation strategy, and how to build "tool-ready" APIs for the future. By Merrin Kurian
My domain got abused on Github Pages
Comments
Colonization of Venus
Article URL: https://en.wikipedia.org/wiki/Colonization_of_Venus Comments URL: https://news.ycombinator.com/item?id=48192410 Points: 86 # Comments: 49
U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
Article URL: https://gizmodo.com/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330 Comments URL: https://news.ycombinator.com/item?id=48192397 Points: 70 # Comments: 14
Show HN: Forge – Guardrails take an 8B model from 53% to 99% on agentic tasks
125 points, 43 comments on Hacker News
New accessibility features powered by Apple Intelligence
Article URL: https://www.apple.com/newsroom/2026/05/apple-unveils-new-accessibility-features-and-updates-with-apple-intelligence/ Comments URL: https://news.ycombinator.com/item?id=48192224 Points: 292 # Comments: 152
TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages and published 84 malicious package versions in just six minutes, exposing developers and CI/CD systems to credential theft and malware propagation. By Craig Risi
The Unreasonable Effectiveness of ProseMirror Model in Rich Text Transformation
Comments
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a
Advancing content provenance for a safer, more transparent AI ecosystem
OpenAI advances AI content provenance with Content Credentials, SynthID, and a verification tool to help people identify and trust AI-generated media.
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days," the maintainers of the PHP-based content management system (CMS) said. "Not all configurations are
Gaussian Splat of a Strawberry
Article URL: https://superspl.at/scene/84df8849 Comments URL: https://news.ycombinator.com/item?id=48191602 Points: 308 # Comments: 129
All the bugs they found
23 points, 4 comments on Hacker News
The Windows DLL loader lock: how a Rust thread can hang your JVM
Comments
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. "These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the internal network,"
Article: Kernel-Level Ground Truth: Why eBPF is Replacing User-Space Agents for Security Observability
eBPF is emerging as a preferred method for security observability over traditional user-space agents. By attaching probes directly to the Linux kernel's syscall interface, it provides consistent visibility even during container-level compromises. eBPF reduces security-related CPU consumption and limits data volume by performing filtering at the kernel level, enhancing operational efficiency. By Niranjan Sharma
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles