Engineering &
Security Wire
Curated from Hacker News, Lobsters, Krebs on Security, and other top sources. Updated every 6 hours.
The Most Emacs Bzr Saga
Comments
ESP-EEG is an affordable 8-channel biosensing board
31 points, 8 comments on Hacker News
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of
Browser Run: now running on Cloudflare Containers, it’s faster and more scalable
We’ve enabled higher usage limits, faster performance, better reliability, and increased shipping velocity for our Browser Run product by rebuilding on top of Cloudflare’s Containers. Here’s how.
Dutch suicide prevention website shares data with tech companies without consent
Article URL: https://nltimes.nl/2026/05/13/dutch-suicide-prevention-hotline-shares-visitor-data-tech-companies Comments URL: https://news.ycombinator.com/item?id=48121299 Points: 193 # Comments: 131
YellowKey Bitlocker Bypass Vulnerability
Comments
Why I'm leaving GitHub for Forgejo
Article URL: https://jorijn.com/en/blog/leaving-github-for-forgejo/ Comments URL: https://news.ycombinator.com/item?id=48121266 Points: 300 # Comments: 167
Sovereign Tech Fund invests over €1 million in KDE software development
Comments
Presentation: What I Learned Building Multi-Agent Systems From Scratch
Paulo Arruda discusses Shopify’s evolution in AI adoption, moving from simple chat tools to a sophisticated swarm of specialized agents. He explains the transition from massive "all-in-one" prompts to lean, narrow-focused agent microservices that slash task times from hours to minutes. He also shares a future-looking hypothesis on using filesystem-based adapters to solve context bloat. By Paulo Arruda
Substrate (YC S24) Is Hiring a Technical Success Manager
Article URL: https://www.ycombinator.com/companies/substrate/jobs/T2fMBhD-technical-success-manager Comments URL: https://news.ycombinator.com/item?id=48120776 Points: 0 # Comments: 0
[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece of toast. You get so many alerts that you eventually start to ignore them. The real danger? While
I Moved My Digital Stack to Europe
Article URL: https://monokai.com/articles/how-i-moved-my-digital-stack-to-europe/ Comments URL: https://news.ycombinator.com/item?id=48120629 Points: 576 # Comments: 389
Most Remediation Programs Never Confirm the Fix Actually Worked
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear
Using OR-Tools CP-SAT for Scheduling Problems
Article URL: https://atalaykutlay.com/or-tools-cp-sat-for-scheduling-problems.html Comments URL: https://news.ycombinator.com/item?id=48120351 Points: 46 # Comments: 8
Erlang/OTP 29.0 Release
Comments
Building a safe, effective sandbox to enable Codex on Windows
Learn how OpenAI built a secure sandbox for Codex on Windows, enabling safe, efficient coding agents with controlled file access and network restrictions.
An update on East River Source Control availability
Comments
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by
Dart Live, a compiler, VM, analyzer and hot reload on the web via Wasm
I managed to get the Dart VM to compile to WebAssembly so that I can compile Dart programs in the browser. Dart ships with a basic ARM interpreter and by using that, hot reload works directly in the browser. It's 7.6 MB gzipped and there's no server running behind it, so I was able to host it directly on github pages. https://github.com/modulovalue/dart-live Comments
MacBook Neo Review: The Laptop For The Rest Of Us
Comments
Article: The Mathematics of Backlogs: Capacity Planning for Queue Recovery
Backlogs in distributed systems are arithmetic problems, not mysteries. This article provides practical formulas for calculating backlog drain time, sizing consumer headroom, and setting auto-scaling triggers. It covers key failure modes — retry amplification, metastable states, and cascading pipeline bottlenecks — plus when to shed load instead of draining. By Rajesh Kumar Pandey
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. "The packages do not appear designed for mass developer compromise," Socket said. "Many have little or no download activity, and the payloads are repetitive,
Grafana's Pyroscope 2.0 Makes Continuous Profiling Practical at Scale
Grafana Labs has launched Pyroscope 2.0, a rearchitected open-source continuous profiling database. This version improves storage costs, query performance, and operational complexity. Key changes include single write paths for profiles, stateless query processing, and enhanced capabilities for profiling data. It supports the OpenTelemetry Protocol, aligning with current trends in observability. By Matt Saunders
AWS WorkSpaces Now Lets AI Agents Operate Legacy Desktop Applications Without APIs
AWS announced that Amazon WorkSpaces can now serve as managed virtual desktops for AI agents in public preview. Agents authenticate through IAM and operate legacy applications via computer vision and input simulation without APIs. Reflex benchmarks show vision agents consume 45x more tokens than API agents. By Steef-Jan Wiggers
SecurityBaseline.eu
Article URL: https://internetcleanup.foundation/2026/05/european-governments-3000-tracking-sites-1000-phpmyadmins-and-99pct-poorly-encrypted-email-introducing-securitybaseline-eu/ Comments URL: https://news.ycombinator.com/item?id=48118763 Points: 149 # Comments: 61
The Emacsification of Software
135 points, 87 comments on Hacker News
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables "persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise," the company said. The feature, it
England Runestones
49 points, 16 comments on Hacker News
A detailed introduction to Kakoune for the aspiring power user
Comments
Partial static single information form
Comments
Aggregated from public RSS feeds & the Hacker News API · All links point to original sources · Clawship does not republish full articles