▸ US healthcare marketplace websites embedded tracking pixels that transmitted applicants' citizenship status, race, and income data to advertising plat...
▸ Cloudflare now lets AI agents programmatically create accounts, purchase domains via Stripe, and deploy full applications — no human in the loop requi...
▸ When LLMs screen resumes, they systematically prefer resumes generated by LLMs over equivalent human-written ones — even when qualifications are ident...
▸ Mercury, the fintech startup handling billions in deposits, runs one of the largest known production Haskell codebases at roughly 2 million lines.
▸ The most reliable AI agents use traditional control flow (loops, conditionals, state machines) to orchestrate LLM calls — not longer or cleverer promp...
▸ The EU is framing VPN usage as a bypass mechanism that undermines its age verification mandates, signaling potential regulatory action against privacy...
▸ Security researcher demonstrated that Microsoft Edge holds all saved passwords in plaintext in process memory, not just the one you're actively using.
▸ The two established vulnerability cultures — coordinated disclosure (report privately, wait for patch) and full disclosure (publish immediately to for...
▸ Bun has begun porting its core from Zig to Rust, as evidenced by a commit in oven-sh/bun that's drawn 400+ upvotes on Hacker News.
▸ A new universal Linux local privilege escalation vulnerability dubbed 'Dirtyfrag' was publicly disclosed on the oss-security mailing list on May 7, 20...
▸ A merged VS Code PR changed the default setting to insert 'Co-Authored-By: GitHub Copilot' into every git commit, regardless of whether Copilot actual...
▸ Apple accidentally shipped CLAUDE.md instruction files inside the Apple Support app, exposing how they integrate Anthropic's Claude into internal tool...
▸ De Nederlandsche Bank (DNB) is migrating off AWS to STACKIT, a cloud platform built by Schwarz Group — the parent company of Lidl and Kaufland.
▸ CVE-2026-31431 exploits a flaw in PostgreSQL's COPY sub-protocol, where a malformed CopyFail message triggers memory corruption during the COPY state ...
▸ Cloudflare is migrating its own core services onto the Workers platform — dogfooding at infrastructure scale.
▸ The Keep Android Open campaign is rallying developers against Google's accelerating lockdown of Android via Play Integrity API enforcement and sideloa...
▸ GitHub is replacing Copilot's $10/month individual and $19/month business flat-rate plans with a usage-based model that meters premium model requests ...
▸ Mitchell Hashimoto is migrating Ghostty — one of the most-starred terminal emulators on GitHub — to a self-hosted forge, citing platform limitations t...
▸ Tweede Golf's viral post (352 HN points) catalogs the async features Rust still hasn't shipped — but the real story is in the workarounds production t...
▸ Semgrep researchers discovered a malicious dependency in the PyTorch Lightning AI training library, themed after Dune's sandworms ('Shai-Hulud').