Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Researchers Wanted Preschool Teachers to Wear Cameras to Train AI
Article URL: https://www.404media.co/researchers-wanted-preschool-teachers-to-wear-cameras-to-train-ai/ Comments URL: https://news.ycombinator.com/item?id=48179569 Points: 14 # Comments: 0
RISC-V and Floating-Point
21 points, 11 comments on Hacker News
Anthropic's Code With Claude Announces Managed Agents, Proactive Workflows, Capability Curve
Anthropic hosted "Code with Claude 2026" in San Francisco, featuring livestream sessions focused on Claude Code, the Claude API platform, and other projects. Key topics included developer experience, autonomy features, model step-changes, and the impact of AI on product architecture. Discussions included insights from GitHub, Vercel, and AI-native startups on engineering strategies and challenges. By Andrew Hoblitzell
Simulated Evolution on the PICO-8
8 points, 0 comments on Hacker News
'We mould trees to grow into the shape of chairs'
114 points, 32 comments on Hacker News
How to Reduce Phishing Exposure Before It Turns into Business Disruption
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection closes that gap. It helps teams move from uncertainty to evidence faster,
Enough with the AI FOMO, go slow-mo, says Domo CDO
103 points, 49 comments on Hacker News
AI eats the world (Spring 26) [pdf]
Article URL: https://static1.squarespace.com/static/50363cf324ac8e905e7df861/t/6a0af5d0484fbf5fe9a7743e/1779103184855/2026-Spring-AI.pdf Comments URL: https://news.ycombinator.com/item?id=48179021 Points: 126 # Comments: 72
Java News Roundup: OpenJDK JEPs, Azul Payara, WildFly, LangChain4j, OpenXava, Google ADK
This week's Java roundup for May 11th, 2026, features news highlighting: three OpenJDK JEPs targeted for JDK 27; introducting Azul Payara Community and the WildFly wado CLI tool; point releases of LangChain4j and Google ADK; and maintenance releases of Micronaut and OpenXava. By Michael Redlich
Linux security mailing list 'almost unmanageable'
124 points, 58 comments on Hacker News
When Kierkegaard Got Cancelled
19 points, 5 comments on Hacker News
Lisp in Web-Based Applications (2001)
12 points, 1 comments on Hacker News
Voice AI Systems Are Vulnerable to Hidden Audio Attacks
25 points, 3 comments on Hacker News
Show HN: Auto-identity-remove – Automated data broker opt-out runner for macOS
295 points, 116 comments on Hacker News
Developer Workstations Are Now Part of the Software Supply Chain
Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is
Article: Building a Secure MCP Server on AWS for a Million-Company B2B Platform
We wanted to expose a B2B intelligence platform built on more than one million company profiles to an LLM client through an MCP server so a user can ask “find SaaS companies in Germany with 50-200 employees” and receive results through the LLM client. The engineering problem was: How do you make that workflow useful without creating an unsafe bridge between an LLM and production data? By Shadi Elyafi
Podcast: Context is the Key to the Agentic Architecture Revolution: A Conversation with Baruch Sadogursky
Michael Stiefel spoke to Baruch Sadogursky about software architecture in the age of agentic AI. LLM can function, albeit stochastically, as reasoning machines capable of interpreting human ambiguity. With the appropriate rigorous context artifacts to control the LLM’s reasoning, software specifications can become the source of truth, while the code becomes a disposable intermediate language. By Baruch Sadogursky
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. "External control of a file name
What are you doing this week?
What are you doing this week? Feel free to share! Keep in mind it’s OK to do nothing at all, too.
Reviving old scanners with an in-browser Linux VM bridged to WebUSB over USB/IP
23 points, 6 comments on Hacker News
Presentation: Product Thinking for Cloud Native Engineers
Stéphane Di Cesare and Cat Morris share how engineers can move from being a "cost center" to a value driver using product discovery. They explain the "Double Diamond" framework and why identifying user problems must precede building solutions. Learn to choose the right metrics, build customer empathy through shadowing, and use business context to maximize the impact of your technical work. By Cat Morris, Stéphane Di Cesare
OpenAI and Dell partner to bring Codex to hybrid and on-premise enterprise environments
OpenAI and Dell partner to bring Codex to hybrid and on-premise environments, helping enterprises deploy AI coding agents securely across data and workflows.
Find bugs in YOUR code using OpenCode, Llama.cpp and Qwen3.6
Comments
Cloudflare and Stripe Let AI Agents Create Accounts, Buy Domains, and Deploy to Production
Cloudflare and Stripe launched a protocol that lets AI agents autonomously create cloud accounts, register domains, start subscriptions, and deploy to production. Stripe handles identity and payment with a $100/month default cap. No other major cloud provider offers comparable agent-driven account provisioning. By Steef-Jan Wiggers
The foundations of a provably secure operating system (PSOS) (1979) [pdf]
3 points, 0 comments on Hacker News
FediMeteo, HAProxy, and the art of not wasting snac threads
Comments
Multiple commencement speakers booed for AI comments during graduation speeches
5 points, 0 comments on Hacker News
Germany goes from labour shortages to hiring freezes
14 points, 3 comments on Hacker News
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util (284 Downloads) axois-utils (963 Downloads) color-style-utils (934 Downloads) "One of the packages (chalk-tempalte)
Earth's Radio Bubble: Every signal we've ever sent into space
48 points, 28 comments on Hacker News
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles