CVE-2026-48710 BadHost: Starlette Flaw Hits AI Agents
A host-header injection flaw in Starlette — the ASGI core behind FastAPI and most of Python’s AI serving stack — lets unauthenticated attackers ...
Wasp Drops Its Custom Language — TypeScript SDK Ships Now
Wasp framework is replacing its 5-year-old custom DSL with a TypeScript SDK. Here is what ...
CSS Anchor Positioning: Replace Floating UI With CSS
CSS Anchor Positioning hit Baseline 2026 with full support in Chrome, Firefox, and Safari. Here's ...
KernelScript 0.1: Write eBPF Without the Ritual
KernelScript 0.1 collapses eBPF's painful two-file setup into a single type-safe DSL. Here's what it ...
Node.js 26 node:ffi: Call Native C Libraries Without C++ Addons
Node.js 26.1 ships node:ffi — a built-in FFI for calling native C libraries without C++ ...
Tailwind CSS v4.3: Native Scrollbars, Webpack 2x Faster, New Palettes
Tailwind CSS v4.3 ships native scrollbar utilities that kill the plugin dependency, a webpack build path that runs 2x faster, and four new ...
WebMCP: Make Your Website an AI Agent Tool (Chrome 149)
WebMCP is Google's new browser standard that lets websites declare callable tools for AI agents. ...
Chromium’s Unfixed Service Worker Flaw Creates Browser Botnets
Google accidentally leaked PoC exploit code for a 42-month-old Chromium flaw that silently turns browsers ...
Go to Rust Migration 2026: Real Data, Real Trade-offs
The corrode.dev Go-to-Rust guide hit HN this week as Bun hit 99.8% test pass on ...
Next.js 13 CVEs: Upgrade to 15.5.18 or 16.2.6 Now
Vercel patched 13 Next.js vulnerabilities on May 7, including SSRF, middleware auth bypass, and React ...