CA DATA NIGHTは、サイバーエージェントが主催するデータサイエンスに特化した技術者向けの勉 ...

newmoではフロントエンドとバックエンドの通信をGraphQLで行っています。GraphQLのスキーマは、フロントエンドとバックエンドが合意した唯一の正しい定義、いわば「正となる単一の情報源(Single Source of Truth)」です。このスキーマを正として、開発と自動テストの両方をここから組み立てたい。その基盤として@newmo/graphql-fake-serverを自作してOSSとして公開しています。 このライブラリは、スキーマを正としたまま、2つの使い方を1つのサーバで両立します。1つはスキーマに@example* directiveを書くだけで値が返るDeclarativ…

Node-RED 5.0 is now available to install. If upgrading, please read the upgrade instructions.

<p>Given how badly burned anyone who took Apple's <a href="https://simonwillison.net/2024/Jun/10/apple-intelligence/">2024 WWDC Apple Intelligence announcements</a> at face value was, I'm holding to a strict "I'll believe it when I see it" policy for everything <a href="https://www.apple.com/newsroom/2026/06/apple-unveils-next-generation-of-apple-intelligence-siri-ai-and-more/">they announced today</a>. </p><p>The new Siri AI features do at least look f...

こんにちは！AI事業本部/協業リテールメディアにてPdMをしております三浦です。 先日、CyberA ...

Safari Technology Preview Release 245 is now available for download for macOS Tahoe and macOS Sequoia.

An attacker hijacked a co-founder's GitHub account for gpt-pilot, a 33K-star AI coding tool, and force-pushed a credential-stealing Shai-Hulud payload to the main branch. The ruff Python linter caught formatting and lint violations in the malicious code and blocked the CI build -- twice. The attacker gave up.

Welcome to WWDC26.

Safari 27 beta is here.

Newer packages in this compromise use native extensions and .pth loaders to execute JavaScript stealers in developer environments.

On June 8, 2026, multiple Graph ML PyPI packages in the bioinformatics ecosystem were compromised in the Hades campaign, deploying cross-platform memory scrapers, AI prompt injections to misdirect scanners, and a token-revocation wiper.

Find the answers to some of the most common GitHub-related questions.The post GitHub for Beginners: Answers to some common questions appeared first on The GitHub Blog.

NGINX Ingress Controller 5.5 brings full support for mTLS in Ingress objects! This blog post gives a more in-depth overview of our GitHub deployment examples and shows how to configure both our new ingress and egress mTLS Policy CRDs in NGINX Ingress Controller using annotations. Ingress mTLS Ingress mTLS configures how NGINX verifies client certificates […]

Here's a brand new approach to creating staggered animations in CSS using a single progress value, allowing for smooth linkage to various inputs like scrolling. By utilizing a mathematical formula, it enhances control over animated elements without isolating their timelines, making animations more versatile and scrubbable.

I've said one and mean another, and I've used one when I needed another. Comparing scroll-driven animations, scroll-triggered animations, container query scroll states, and view transitions for my future self.Scroll-Driven, Scroll-Triggered, Scroll States, and View Transitions originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Cloudflare customers can now use Cloudforce One threat intelligence directly within the WAF to block high-risk traffic. By using new cf.intel fields, security teams can automate protection against specific threat actors and targeted industries in real time.

My Take on AI as of June 2026. Most people say AI kills the creativity and the fun in building. I want to offer the other side: managing agents feels a lot like the tech lead job I already loved.

Every month, routes tens of trillions of tokens between production applications and AI labs, giving us visibility into what AI usage actually looks like, separate from leaderboards and benchmarks. We publish the data monthly in the AI Gateway production index. AI GatewayLast month, headlines about blown token budgets dominated tech news: its annual Claude Code budget shortly after Q1 and Amazon to curb unproductive tokenmaxxing. While runaway cost is a real problem, this month’s report shows tha

大規模なネイティブアプリの開発では、新しい技術を知っているだけでは足りません。難しいのは、それを歴史ある現場へどう適用するかです。ユーザー影響の大きいプロダクトでは、素早く価値を届ける「アジリティ（速...

WASI P3 is almost here, bringing native async support to the WebAssembly System Interface (WASI) and Component Model. In this post, we’re looking to the next big milestone: a stable, formally specified Component Model 1.0. At February’s Bytecode Alliance Plumbers Summit, Luke Wagner and Alex Crichton gave a preview of what the path to a stable 1.0 actually looks like. At Wasm I/O 2026 in Barcelona in March, Luke expanded on that vision. So let’s take a look at where the Component Model is headin

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-agent-edit/releases/tag/0.1a0">datasette-agent-edit 0.1a0</a></p> <p>I'm planning several plugins for <a href="https://agent.datasette.io/">Datasette Agent</a> which can make edits to existing pieces of text - things like collaborative Markdown editing, updating large SQL queries, and editing SVG files.</p><p>Agentic editing of text is a little tricky to...

カミナシエンジニアの osuzu です。 「状態管理にどのライブラリを使うか」への違和感 Reactの状態管理の話になると、だいたいライブラリの比較から始まります。少し前なら Redux か Zustand か Jotai か、最近だと TanStack Query と React Hook Form を組み合わせれば残りはわずか、みたいな話が多い印象です。 ただ、読んでいてどこか議論がかみ合わない感じがずっとありました。 理由はたぶんシンプルで、その問いは手前にすべきモデリングを飛ばしているからだと考えてます。 ライブラリ起点・コンポーネント起点はなぜこじれるのか フロントの状態管理でやりが…

AI もすなるコードレビューといふものを、人間もしてみむとてするなり。 — AI 紀貫之 AI がコードを書くようにはなっても基本的には人間がレビューする生活を続けているので, いま何を考えてどうしているかをスナップショットとして書いておきます. 仕事 メンタルモデルとして AI コーディングエージェントを単なる道具としてみなしていた時代は, 人間(A): タスクに着手, コーディングを AI に指示, 検収 AI: 人間(A)の代わりにコードを書く 人間(B): 人間(A)が書いたコードとしてレビューする というような構造だったんですが, これは人間(A)の検収と人間(B)のレビューが実質的…

Socket found 37 malicious PyPI wheels that abuse Python startup hooks to launch a Bun-powered credential stealer tied to Mini Shai-Hulud/Miasma.

AI SAST is emerging as a new SAST category, but the meaning is unclear. We clarify the difference between AI-native SAST and AI-assisted SAST, as well as how AI SAST sits in the stack between traditional SAST and AI pentesting.Category: DevSec Tools & Comparisons

On June 5, 2026, the Miasma worm campaign reached Microsoft's Azure GitHub organizations. GitHub disabled 73 repositories across four Microsoft GitHub organizations after a malicious commit was pushed to the Azure/durabletask repository using a previously compromised contributor account. The attack planted configuration files that execute a credential-harvesting payload when a developer opens the repository in Claude Code, Gemini CLI, Cursor, or VS Code.

Three malicious versions of Microsoft's official durabletask Python SDK were published to PyPI on May 19, 2026. The compromised package silently downloads and executes a 28 KB payload that steals credentials from AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tool configurations, then spreads laterally through cloud infrastructure. The payload skips systems with a Russian locale, a hallmark of Eastern European cybercrime operations. The attack has been linked to the TeamPC

<p><strong>Release:</strong> <a href="https://github.com/simonw/micropython-wasm/releases/tag/0.1a2">micropython-wasm 0.1a2</a></p> <p>I added a CLI to <code>micropython-wasm</code> (<a href="https://github.com/simonw/micropython-wasm/issues/7">issue #7</a>), inspired by the first draft of <a href="https://simonwillison.net/2026/Jun/6/micropython-in-a-sandbox/">the blog entry</a> when I realized it would be a great wa...

<p>I've been experimenting with different approaches to running code in a sandbox for several years now, but my latest attempt feels like it might finally have all of the characteristics I've been looking for. I've released it as an alpha package called <a href="https://github.com/simonw/micropython-wasm">micropython-wasm</a>, and I'm using it for a code execution sandbox plugin for <a href="https://github.com/datasette/datasette-agent">Datasette Agent</a> called &...

Vitest の `isolate: false` オプションを有効にすることで、テストの実行時間を大幅に短縮できましたが、その際に大規模なコードの修正が必要でした。Claude Code の `/goal` コマンドを活用することで、最終的なゴールを達成するために必要なステップを自律的に判断して実行させることができます。この記事ではその経験について紹介します。

AI increases engineering speed, but it also increases the cost of poor context. The best teams will not be the ones that generate the most code; they will be the ones that preserve enough understanding to review, operate, and own what they ship. Context stewardship is what keeps AI-assisted work from accelerating away from human judgment.

Every time I bet on myself instead of taking a paycheck, and what each one taught me.

<p><strong><a href="https://help.openai.com/en/articles/20001061-lockdown-mode">OpenAI Help: Lockdown Mode</a></strong></p>OpenAI first teased this <a href="https://openai.com/index/introducing-lockdown-mode-and-elevated-risk-labels-in-chatgpt/">in February</a>, but now it's live and "rolling out to eligible personal accounts, including Free, Go, Plus, and Pro, and self-serve ChatGPT Business accounts":</p><blockquote><p>Lockdown...

Most programming languages follow a familiar trajectory: early experimental releases, rapid iteration, and then – at some point – a 1.0 version that signals stability and the potential for serious adoption. Zig hasn’t followed that well-trodden path. What could be the reason? Andrew Kelley quit his job in 2018 to build a programming language. Eight […]

AI Gateway now features real-time spend limits to prevent runaway token bills across multiple AI providers. By integrating with Cloudflare Access, companies can use identity-driven budgets and policies.

Using @counter-style for tricky visual effects like word rotation and obfuscation.

eyeballIncredibly addictive game. Best to use a mouse/trackpad than a touch device to give yourself a chance too!Dollar Slice Surf Report, New York CityA cool project by Scott Jehl as, using pen, pencil, Procreate and Figma as a much needed antidote to the slop era.Speaker feedsFFconf have a huge library of previous talks and speakers. Now, you can discover their RSS feeds and follow them. Handy!Let's get creativeFolks love it when we share indexes of cool stuff, so here's another!Protecting Blu

<blockquote cite="https://ladybird.org/posts/changing-how-we-develop-ladybird/"><p>We will no longer accept public pull requests. [...]</p><p>A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds. [...]</p><p>Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users...

Zed は Rust で書かれたネイティブアプリケーションで、非常に高速な動作と軽量な設計が特徴の新しいエディタです。この記事では、Zed のインストール方法と、実際に使ってみて感じた主要な機能や特徴について紹介していきたいと思います。

RubyGems and Bundler 4.0.13 introduced an opt-in cooldown feature that delays newly published gems during dependency resolution.

Renovateのクラウド版はメモリや実行時間の制限があるため、GitHub Actionsを使ったSelf Host版に切り替える方法やコストについて

now supports drives in private beta. Drives are persistent, attachable storage with a lifecycle independent from any sandbox.Vercel SandboxCreate a drive once, then mount it at a configurable path when starting a sandbox. When the sandbox stops, the drive remains available to attach to a later sandbox.Install the beta () or beta (), then create and mount a drive:SDKCLI@vercel/sandbox@betasandbox@betaSandbox Drives are useful for:During the private beta, a drive can be mounted read-write by one s

100ms deploys from Claude Code, Codex & Cursor

The API is now available. Authenticate with your project's and start querying more than 600,000 skills from across the open-source ecosystem.skills.shVercel OIDC tokenSearch for skills, pull detailed info on any one, check its security audit, and more.Vercel issues a short-lived token scoped to your team and project, rotated automatically, so there's no long-lived secret to leak or rotate. On each request, skills.sh verifies the token and applies a rate limit of 600 requests per minute per team

<p><strong><a href="https://charitydotwtf.substack.com/p/ai-enthusiasts-are-in-a-race-against">AI enthusiasts are in a race against time, AI skeptics are in a race against entropy</a></strong></p>Charity Majors neatly captures the dynamic between AI enthusiasts and AI skeptics, both of whom are trying to build great software, often in the same teams:</p><blockquote><p>The enthusiasts are <em>not wrong</em>. We are starting to see...

こんにちは。カミナシで「カミナシ 設備保全」の開発を行っている澤木です。今回はフロントエンドのコンポーネントディレクトリの構成、特に「ネストを深くしないために何をやっているか」という話をご紹介したいと思います。 feature-basedなディレクトリ構成 まず前提として私たちのチームでは機能（feature）単位でディレクトリを切り、各featureの中をさらにcomponents / hooks / contexts / model / repositoryといった責務ごとのディレクトリに分けるスタイルを採用しています。現在のフロントエンドの実装では一般的な構成かと思います。 featur…

See how CKEditor AI uses adaptive context to send the LLM only what each request needs - cutting token cost and latency on large documents.

The proliferation of agentic workflows means developers now regularly grant AI tools direct access to their infrastructure, use services that act autonomously, and build on platforms that themselves use AI to operate. We’ve updated our Terms of Service and Marketplace terms to clarify shared responsibility when actions on your account may be taken by AI, whether Vercel's own or a third-party tool you've connected, as well as other important updates detailed below.Vercel's platform increasingly i

self-replicating worm is spreading across the npm registry using binding.gyp, a file that triggers code execution during npm install without touching package.json scripts. The attack bypasses conventional security tools and has already compromised dozens of packages across multiple maintainer accounts.

<blockquote cite="https://www.404media.co/google-employees-internally-share-memes-about-how-its-ai-sucks/"><p>After this story was published Google's spokesperson reached out and asked us to publish a slightly different version of that statement. The new statement no longer stated that "it's critical that we maintain humans in the loop."</p></blockquote><p class="cite">— <a href="https://www.404media.co/google-employees-internally-share-memes-about-how...

If you’ve ever built your own client-side navigation that properly respects updating URLs, you’ve probably used history.pushState() a bunch, and it’s a bunch of work getting it robust and right. I think Jay Rungta does a good job of showcasing the newly-baseline Navigation API and why it’s better. Sorry for the huge blockquote, but it’s […]

GitHub Universe is back: returning to the historic Fort Mason Center in San Francisco on October 28–29, 2026.The post GitHub Universe is back: All together now, in the agentic era appeared first on The GitHub Blog.

We dive again into CSS Pie Charts! This time, Author Antoine Villepreux delivers semantic and flexible charts without a single line of JS.Another Stab at the Perfect CSS Pie Chart… Sans JavaScript! originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

VoidZero, the team behind Vite, Vitest, Rolldown, Oxc, and Vite+, is joining Cloudflare. Vite stays open source, vendor-agnostic, and built for everyone.

Just as with every aspect of my life, I find it hard to identify my software development skills. At my heart, I am a developer, though I spent way too much time as a high school senior fretting about whether or not I’d become an engineer. On paper, my job title has been product owner for almost the same amount of time as engineer/developer, but I was still writing code and reviewing PRs. Then comes the question of what kind of developer am I? Web developer? Mobile developer? Front-end? Full-stac

Today we're releasing Multigres v0.1 alpha to the open source community, bringing Vitess-grade horizontal scaling, high availability, and operational simplicity to Postgres.

Supabase has raised a $500M Series F at a $10B pre-money valuation, led by GIC.

Nemotron 3 Ultra from Nvidia is now available on .Vercel AI GatewayNemotron 3 Ultra is an open Mixture-of-Experts reasoning model built for orchestrating long-running agent workflows, with a 1M token context window. The model targets multi-turn agent workflows: planning, tool use, sub-agent delegation, and error recovery. Throughput reaches up to 350 tokens per second, with up to 30% lower cost on agentic tasks.To use Nemotron 3 Ultra, set model to in the .nvidia/nemotron-3-ultra-550b-a55bAI SDK

pnpm 11.5 now recognizes npm staged publish approvals in release metadata, preventing those releases from being mistaken for lower-trust package publishes.

検索やレコメンドは、ユーザーに必要な情報を届けるための仕組みです。しかし、その裏側を支える基盤開発は、単なるAPI実装でも、モデルを載せるだけの仕事でもありません。サービスごとに異なる要件、急増するト...

Nx Cloud recently shipped optimized resource classes and Continuous Assignment for Nx Agents. Benchmarked against GitHub Actions on a large monorepo, wall-clock time dropped 74% and cost per run fell 30%.

The skimmer never loads from a domain the attacker controls. The loader, the payload, and the stolen cards all flow through two domains every store already trusts: Google Tag Manager and Stripe.Bo...

Why OAuth works the way it does: authorization codes, token expiry, and PKCE explained from first principles.

TL;DR: We are excited to announce that VoidZero is joining Cloudflare. Vite, Vitest, Rolldown, Oxc, and Vite+ will remain open-source and MIT-licensed. Evan and the rest of the VoidZero team will continue to lead these projects, with Cloudflare fully committed to supporting our mission.

You can now create a start building a production-ready storefront in minutes.Shopify store directly from Vercel and to automatically configure your Shopify credentials in Vercel. Create a free test store, build with and deploy without leaving your workflow. When you're ready to launch, you can claim the store and take ownership of it.Install the Shopify integrationv0Coming soon: Connect an existing Shopify store to Vercel.Get started by installing , , or to start building your next .Shopify from

Get ready for a summer of sport with our new personalizable merch.

こんにちは、ソフトウェアエンジニアの渡邉（匠）です。「カミナシ 設備保全」の開発に携わっています。ゴールデンウィークが明けて1ヶ月ほどが経過し、休暇モードからやっと仕事モードに戻ってきました。 このプロダクトは開発開始から約2年が経ちました。バックエンドは長いあいだ presentation / domain / repository の3層で書いてきましたが、最近これにユースケース層を加えた4層へと再構成しました。 この記事では、なぜ最初から4層にしなかったのか、そしてなぜ今になって構成を取り直したのか、を書きます。 シンプルに始めた 当初のバックエンドは presentation / do…

BGP is vulnerable to routing hijacks and path leaks that negatively impact traffic on the Internet. RPKI helps solve some of these problems, but for some forged paths, we need to rely on a simpler mechanism: First AS enforcement in BGP.

@counter-style is useful for replacing the ::marker of lists easily, but it controls any markers-of-counters, so we can use it for more.

The offset-path property in CSS defines a movement path for an element to follow during animation.This property began life as motion-path. This, and all other related motion-* properties, are being renamed offset-* in the spec. We’re changing …offset-path originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The CSS @custom-media at-rule allows creating aliases for media queries.@custom-media originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The @function at-rule defines CSS custom functions. These custom functions are reusable blocks of CSS that can accept arguments, contain complex logic, and return values based on that logic. @function originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Practical guide on how to reduce drifts, minimize mistakes, maintain context, and improve the quality of AI-generated prototypes. Brought to you by Design Patterns For AI Interfaces, **friendly video course on UX** and design patterns by Vitaly.

<p><strong><a href="https://www.bloomberg.com/news/articles/2026-06-02/uber-caps-usage-of-ai-tools-like-claude-code-to-cut-costs">Uber Caps Usage of AI Tools Like Claude Code to Manage Costs</a></strong></p>I wrote <a href="https://simonwillison.net/2026/May/27/product-market-fit/#the-ai-failure-stories-around-this-are-pretty-thin">the other day</a> about Uber blowing its 2026 AI budget in four months, and how that wasn't particularly surprising g...

Tenable Nessus is a powerful scanner, but powerful tools that nobody uses don't make software more secure. Compare five alternatives built for how engineering teams actually work.Category: DevSec Tools & Comparisons

From Chrome 150 you can seamlessly transition a PWA to a new same-site origin.

Get a preview of the next Chrome release with this post detailing the features in the current beta.

Federal audit finds NIST lacked a plan to clear the NVD backlog, wasted funds on duplicate work, and delayed use of CISA data.

As I write this, we’re about 7 sixteenths through 2026, and it’s about 14 sixteenths through the day.For the sixteenth issue of the Taper online magazine, I split time into sixteenths to think about its passage in a different way.The code, which had to be under 2048 bytes, isn’t terribly complex. It does some date math and uses a Go server for minification. If you want, here’s the unminified source code.Go check out all the other entries from this issue! My favorites include "[SIC]", “Desperate

Why we chose Astro for teaching Content APIs and Web APIs in the CMD Amsterdam Web Design & Development minor.

PostgreSQL can query any data source directly: CSV files, other databases, REST APIs, and more.

A four-phase playbook for moving off Auth0, Cognito, Clerk, or Firebase without a 2 AM incident.

Set up roles and permissions, verify session JWTs, and protect your FastAPI routes with dependency injection.

Your existing logging infrastructure is necessary but not sufficient. Here's what's missing and why it matters.

You can now generate through the Vercel CLI.Session TracesUse the new command to generate an OpenTelemetry trace to the specified endpoint from the terminal. vercel curl --traceUse the new command to fetch the generated trace by request ID.vercel traces getAvailable on all plans.Update the Vercel CLI to the latest version and run to get started. Learn more about the vercel curl --trace CLI command.vercel curlRead more

Grok Imagine Video 1.5 from xAI is now available on AI Gateway. The model generates video from an input image with synchronized audio in a single pass.This release improves audio quality, prompt following, and photorealism. Face accuracy and character consistency are stronger across longer sequences, with better lighting and physical realism in the output. Reference image support has been expanded to give more control over visual style and subject.To use this model, set model to in the AI SDK. C

はじめに カミナシでエンジニアリングマネージャーをしてます、すずけん（@szk3）です。 唐突ですが、皆さん AWSのエミュレーター使ってますか？ 自チームのプロダクトはS3、DynamoDB、STS、IAM あたりの AWS サービスに依存していて、ローカル開発やテストではこれらのエミュレーターを使っています。ただ、歴史的な背景からリポジトリには LocalStack、RustFS、Moto の 3 種が混在していて、用途ごとに考えることが地味に増えてしまった状態でした。 この記事では、その 3 種を Moto に統一した経緯と、検討した他の候補、そして移行から少し経った今でも次の選択肢を検…

<p>Microsoft <a href="https://microsoft.ai/news/building-a-hillclimbing-machine-launching-seven-new-mai-models/">announced two new text LLMs</a> this morning - <strong><a href="https://microsoft.ai/news/introducing-mai-thinking-1/">MAI-Thinking-1</a></strong> (reasoning, 1T parameters, 35B active, available to "select early partners") and <strong><a href="https://microsoft.ai/news/introducingmai-code-1-flash/">MAI-Code-1-Flash</a></...

EDR and proxies weren't built for supply chain malware. When malicious code arrives through npm install, it looks like normal behavior. Here's why that matters.Category: News

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-agent-micropython/releases/tag/0.1a0">datasette-agent-micropython 0.1a0</a></p> <p>I want <a href="https://agent.datasette.io">Datasette Agent</a> to be able to generate and execute Python code safely. This alpha is looking promising so far. GPT-5.5 has so far failed to break out of the sandbox!</p> <p>Tags: <a href="https://simonwillison.net/tags/pyt...

<p><strong>Release:</strong> <a href="https://github.com/simonw/micropython-wasm/releases/tag/0.1a1">micropython-wasm 0.1a1</a></p> <p>Fixes for some limitations that emerged while I was trying to use this to build <code>datasette-agent-micropython</code>.</p> <p>Tags: <a href="https://simonwillison.net/tags/python">python</a>, <a href="https://simonwillison.net/tags/sandboxing">sandboxing</a>, <a href=...

<p><img src="https://static.inaturalist.org/photos/671786719/large.jpg" alt="California Brown Pelican"></p><p>California Brown Pelican, in Fort Mason, CA, US</p><p>I'm at the <a href="https://build.microsoft.com/">Microsoft Build</a> conference today, held at <a href="https://en.wikipedia.org/wiki/Fort_Mason">Fort Mason</a> in San Francisco. There are California Brown Pelicans diving into the water directly behind venue!</p> <...

Several packages in the @redhat-cloud-services npm scope were found to carry malicious payloads that fire via a preinstall hook on every npm install. The affected versions span multiple packages across the RedHat Cloud Services frontend ecosystem. The payload is a sophisticated multi-stage credential harvester that targets GitHub Actions secrets, AWS, GCP, Azure, Kubernetes, HashiCorp Vault, npm tokens, and CircleCI tokens

On May 22, 2026, an attacker with push access to the Laravel-Lang GitHub organization rewrote every git tag across multiple popular Composer packages within a single 15 minute window. Anyone running composer update or installing fresh against laravel-lang/http-statuses, laravel-lang/actions, or laravel-lang/attributes now pulls a payload that exfiltrates CI secrets to a typosquatted attacker domain. StepSecurity confirmed end to end exploitation in an isolated runner and has filed security issue

Dev Machine Guard now scans IDE extensions across VS Code, Cursor, Windsurf, JetBrains IDEs, Android Studio, Eclipse, and Xcode on macOS, Windows, and Linux. Get a unified inventory, extension risk scoring, typosquat detection, and compromised extension visibility across your entire developer fleet.

Nx Console VS Code Extension Compromised

CKEditor is now HIPAA-aligned, adding healthcare-grade controls on top of SOC 2 Type II. See what's in scope, who benefits, and how it cuts vendor risk.

At Microsoft Build 2026, GitHub introduced new tools, updates, and surfaces so agents can work the way you already work.The post GitHub Copilot app: The agent-native desktop experience appeared first on The GitHub Blog.

記事は ics.media へアクセスしてご覧ください。

Toolbox App 3.5 focuses on making daily work smoother and managed development environments easier to monitor. The app now supports interface zooming with familiar shortcuts, provides OpenTelemetry metrics for enterprise remote development connections, and handles several long-standing reliability issues more gracefully. Remote development observability The Toolbox App now emits OpenTelemetry metrics for remote development connection […]

Personally, I wouldn’t blame you if you were asked what CSS needs these days and you were like uhm, I think it’s good, actually. These days CSS probably has more in it than you even know about or have tried, making it feel not particularly lacking. But if you really dig into the specifics, you’ll […]

The CSS ::search-text pseudo-element selects the matching text from your browser's "find in page" feature. ::search-text originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

NGINX Ingress Controller 5.5 introduces some significant performance improvements in startup times! A few months ago, a community member noticed that NGINX Ingress Controller deployments with a large number of Ingress resources were experiencing longer-than-expected startup times. In clusters with hundreds or thousands of resources spread across many namespaces, the controller could take several minutes […]