Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
Setting up a free *.city.state.us locality domain
Article URL: https://fredchan.org/blog/locality-domains-guide/ Comments URL: https://news.ycombinator.com/item?id=48122635 Points: 107 # Comments: 18
JEP 533 Tightens Exception Handling in Java's Structured Concurrency for JDK 27
JEP 533, Structured Concurrency, has reached integrated status for JDK 27. It refines exception handling and type safety in its API, particularly focusing on exception flow with a new ExecutionException type. Changes include an updated Joiner interface and a new open overload for easier configuration. The steady evolution signals ongoing development as feedback shapes the API. By A N M Bazlur Rahman
C++26: Standard library hardening
Comments
The nuclear-physics infrastructure behind PET scans
28 points, 1 comments on Hacker News
The US is winning the AI race where it matters most: commercialization
Article URL: https://avkcode.github.io/blog/us-winning-ai-race.html Comments URL: https://news.ycombinator.com/item?id=48121929 Points: 132 # Comments: 368
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability
Designing a Custom Query Language for Non-Technical Analysts
Comments
The Most Emacs Bzr Saga
Comments
ESP-EEG is an affordable 8-channel biosensing board
31 points, 8 comments on Hacker News
Browser Run: now running on Cloudflare Containers, it’s faster and more scalable
We’ve enabled higher usage limits, faster performance, better reliability, and increased shipping velocity for our Browser Run product by rebuilding on top of Cloudflare’s Containers. Here’s how.
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of
Dutch suicide prevention website shares data with tech companies without consent
Article URL: https://nltimes.nl/2026/05/13/dutch-suicide-prevention-hotline-shares-visitor-data-tech-companies Comments URL: https://news.ycombinator.com/item?id=48121299 Points: 193 # Comments: 131
YellowKey Bitlocker Bypass Vulnerability
Comments
Why I'm leaving GitHub for Forgejo
Article URL: https://jorijn.com/en/blog/leaving-github-for-forgejo/ Comments URL: https://news.ycombinator.com/item?id=48121266 Points: 300 # Comments: 167
Sovereign Tech Fund invests over €1 million in KDE software development
Comments
Presentation: What I Learned Building Multi-Agent Systems From Scratch
Paulo Arruda discusses Shopify’s evolution in AI adoption, moving from simple chat tools to a sophisticated swarm of specialized agents. He explains the transition from massive "all-in-one" prompts to lean, narrow-focused agent microservices that slash task times from hours to minutes. He also shares a future-looking hypothesis on using filesystem-based adapters to solve context bloat. By Paulo Arruda
Substrate (YC S24) Is Hiring a Technical Success Manager
Article URL: https://www.ycombinator.com/companies/substrate/jobs/T2fMBhD-technical-success-manager Comments URL: https://news.ycombinator.com/item?id=48120776 Points: 0 # Comments: 0
[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece of toast. You get so many alerts that you eventually start to ignore them. The real danger? While
I Moved My Digital Stack to Europe
Article URL: https://monokai.com/articles/how-i-moved-my-digital-stack-to-europe/ Comments URL: https://news.ycombinator.com/item?id=48120629 Points: 576 # Comments: 389
Most Remediation Programs Never Confirm the Fix Actually Worked
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear
Using OR-Tools CP-SAT for Scheduling Problems
Article URL: https://atalaykutlay.com/or-tools-cp-sat-for-scheduling-problems.html Comments URL: https://news.ycombinator.com/item?id=48120351 Points: 46 # Comments: 8
Erlang/OTP 29.0 Release
Comments
Building a safe, effective sandbox to enable Codex on Windows
Learn how OpenAI built a secure sandbox for Codex on Windows, enabling safe, efficient coding agents with controlled file access and network restrictions.
An update on East River Source Control availability
Comments
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by
Dart Live, a compiler, VM, analyzer and hot reload on the web via Wasm
I managed to get the Dart VM to compile to WebAssembly so that I can compile Dart programs in the browser. Dart ships with a basic ARM interpreter and by using that, hot reload works directly in the browser. It's 7.6 MB gzipped and there's no server running behind it, so I was able to host it directly on github pages. https://github.com/modulovalue/dart-live Comments
MacBook Neo Review: The Laptop For The Rest Of Us
Comments
Article: The Mathematics of Backlogs: Capacity Planning for Queue Recovery
Backlogs in distributed systems are arithmetic problems, not mysteries. This article provides practical formulas for calculating backlog drain time, sizing consumer headroom, and setting auto-scaling triggers. It covers key failure modes — retry amplification, metastable states, and cascading pipeline bottlenecks — plus when to shed load instead of draining. By Rajesh Kumar Pandey
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. "The packages do not appear designed for mass developer compromise," Socket said. "Many have little or no download activity, and the payloads are repetitive,
Grafana's Pyroscope 2.0 Makes Continuous Profiling Practical at Scale
Grafana Labs has launched Pyroscope 2.0, a rearchitected open-source continuous profiling database. This version improves storage costs, query performance, and operational complexity. Key changes include single write paths for profiles, stateless query processing, and enhanced capabilities for profiling data. It supports the OpenTelemetry Protocol, aligning with current trends in observability. By Matt Saunders
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles