Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Even More Tagged Union Subsets with Comptime
Comments
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code editors like VS Code, Cursor, and JetBrains. The VS Code extension has more than 2.2 million installations. The Open
Mounting Git commits as folders with NFS
14 points, 4 comments on Hacker News
Vite Version 8: Unified Rust-Based Bundler and Up to 30x Faster Builds
Vite 8.0 introduces a significant architectural change, migrating from a dual-bundler setup to a single Rust-based bundler called Rolldown. This update enhances build speeds, reporting reductions from 46 seconds to 6 seconds in some projects. The release includes developer experience improvements and maintains compatibility with the existing plugin ecosystem. By Daniel Curtis
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action's normal commit history,
Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised
Article URL: https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/ Comments URL: https://news.ycombinator.com/item?id=48189368 Points: 92 # Comments: 44
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. "The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly
PyTorch Landscape
Article URL: https://pytorch.landscape2.io Comments URL: https://news.ycombinator.com/item?id=48189178 Points: 45 # Comments: 8
Show HN: Hsrs – Type-Safe Haskell Bindings Generator for Rust
Hey everyone! I've been working on hsrs, a type-safe Haskell Bindings Generator for Rust. I couldn't really find any bindings generator that would create type-safe, rich bindings for Haskell from Rust. Naturally, both languages have rich type systems, so I was amazed that no awesome bindings generator already existed, hence I decided to write my own. hsrs feels very similar to pyo3 and napi-rs, and if you've used those, hsrs will feel right at home. What's unique about hsrs as opposed to hs-bindgen is that it has type-safe bindings for rich types, like Result, Maybe, etc. while also generating Haskell bindings. The repo contains a minimal example, and more details are available in the haskell discourse: https://discourse.haskell.org/t/ann-hsrs-ergonomic-haskell-b... Comments URL: https://news.ycombinator.com/item?id=48189044 Points: 31 # Comments: 2
LLMCap – A proxy that hard-stops LLM API calls when you hit a dollar cap
Article URL: https://www.llmcap.io/ Comments URL: https://news.ycombinator.com/item?id=48188996 Points: 18 # Comments: 15
Bornagain.com
7 points, 1 comments on Hacker News
Peter Neumann has died
Article URL: https://www.tuhs.org/pipermail/tuhs/2026-May/033748.html Comments URL: https://news.ycombinator.com/item?id=48188787 Points: 108 # Comments: 6
Peter Salus has died
Article URL: https://www.tuhs.org/pipermail/tuhs/2026-May/033750.html Comments URL: https://news.ycombinator.com/item?id=48188665 Points: 53 # Comments: 4
Spork: A posix_spawn you can use as a fork
Comments
War Game Exposed U.S. Vulnerability to Low-Tech Warfare
Article URL: https://nsarchive.gwu.edu/news/2024-11-01/rigged-war-game-exposed-us-vulnerability-low-tech-warfare Comments URL: https://news.ycombinator.com/item?id=48188506 Points: 5 # Comments: 3
The American Rebellion Against AI Is Gaining Steam
Article URL: https://www.wsj.com/tech/ai/the-american-rebellion-against-ai-is-gaining-steam-94b72529 Comments URL: https://news.ycombinator.com/item?id=48188310 Points: 57 # Comments: 47
New features in GCC 16: Improved error messages and SARIF output
11 points, 0 comments on Hacker News
The last six months in LLMs in five minutes
Article URL: https://simonwillison.net/2026/May/19/5-minute-llms/ Comments URL: https://news.ycombinator.com/item?id=48188183 Points: 52 # Comments: 10
An Apple (II) for Teacher
32 points, 6 comments on Hacker News
Pope Leo XIV’s first encyclical Magnifica humanitas to be published May 25
Article URL: https://www.vaticannews.va/en/pope/news/2026-05/pope-leo-xiv-first-encyclical-magnifica-humanitas.html Comments URL: https://news.ycombinator.com/item?id=48187201 Points: 141 # Comments: 84
Introducing Casuarina Linux: A glibc-Based Chimera Linux Derivative
Comments
Click (2016)
Article URL: https://clickclickclick.click/ Comments URL: https://news.ycombinator.com/item?id=48187054 Points: 227 # Comments: 53
LoRA and Weight Decay (2023)
22 points, 0 comments on Hacker News
Comprehensive Response to Bambu's AGPLv3 Violations
Comments
Programming as Theory Building (1985)
Comments
Alignment pretraining: AI discourse creates self-fulfilling (mis)alignment
Article URL: https://arxiv.org/abs/2601.10160 Comments URL: https://news.ycombinator.com/item?id=48185938 Points: 29 # Comments: 12
Who will buy your services if you fire us all?
32 points, 5 comments on Hacker News
The just-say-no engineer was a ZIRP phenomenon
Comments
CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
No More JetBrains Products for Me
Article URL: https://matthewkosarek.xyz/posts/jetbrains/ Comments URL: https://news.ycombinator.com/item?id=48185188 Points: 81 # Comments: 100
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles