npm Typosquatting: 14 Packages Steal Your AWS and CI/CD Secrets
14 malicious npm packages impersonating OpenSearch and ElasticSearch stole AWS credentials, Vault tokens, and CI/CD secrets from developers. Check, rotate, harden — now.
VS Code 1.122: Offline AI Without GitHub Sign-In
VS Code 1.122 ships BYOK without GitHub auth, device emulation, and richer OTel signals. Here ...
Statewright: State Machine Guardrails for AI Agents
Your AI coding agent is failing in production, and the model isn’t the problem. The ...
Claude Opus 4.8 in GitHub Copilot: Better Code Reasoning, Same Price
Claude Opus 4.8 is now in GitHub Copilot for Pro+, Business, and Enterprise users. Here's ...
Bun v1.3.14: HTTP/3, Built-in Image API, and 7x Faster Installs
Bun v1.3.14 ships HTTP/3 server support with a single config flag, a native Bun.Image API ...
Cursor 3.6 Auto-review: Fewer Prompts, Safer Agents
Cursor 3.6 ships Auto-review Run Mode: a classifier subagent that handles risky shell, MCP, and fetch calls so your agent runs longer without ...
pnpm 11.2: Rust Backend Ships, Installs Could Be 2x Faster
pnpm 11.2 ships pacquet, the official Rust install backend, as an experimental opt-in. Learn what ...
Google ADK 2.0: Graph Workflows Ship, LangGraph Has a Fight
Google ADK 2.0 ships a graph-based workflow runtime at I/O 2026. Here’s what changed, the ...
Docker Model Runner CVE-2026-5843: Two Flaws That Let a Bad Model Own Your Mac
Two high-severity CVEs in Docker Model Runner let any container execute code on your macOS ...
Mistral Vibe Is Here: Le Chat Becomes a Full Coding Agent
Mistral renamed Le Chat to Vibe on May 28 and shipped a coding agent with ...