PEAKS No 21: EU Chat Control, npm Supply Chain Attack & Focus

🛡️ Security & Privacy

  • EU lawmakers finalize voluntary chat scanning agreement - EU Council reached agreement on Child Sexual Abuse Regulation with "voluntary" message scanning instead of mandatory requirements, though critics warn it creates infrastructure for mass surveillance through business pressure.
  • GitLab discovers widespread npm supply chain attack with dead man's switch - Malware spreading through npm packages includes worm-like propagation, credential harvesting using Trufflehog, and destructive payload that triggers data destruction if exfiltration channels are severed.
  • Apple Podcasts targeted by XSS attack attempts - Users report bizarre podcast titles with malicious links attempting cross-site scripting attacks through Apple Podcasts app, which can launch automatically without user approval on macOS.
  • OpenAI Mixpanel security incident exposes limited API user data - Third-party analytics provider Mixpanel breach exposed names, emails, and location data of OpenAI API users; ChatGPT users unaffected, company terminated Mixpanel usage immediately.
  • Code beautifiers expose credentials from banks and government organizations - Popular online code formatting tools leak sensitive credentials including API keys, database passwords, and authentication tokens from financial institutions and technology companies.
  • Google Antigravity vulnerability enables data exfiltration - Security researcher discovers Antigravity feature allows data exfiltration through carefully crafted prompts, demonstrating risks in AI-powered development tools without proper security controls.
  • AI hallucinations enable slopsquatting attacks - Attackers exploit AI tendency to hallucinate non-existent packages by creating malicious packages matching AI-suggested names, tricking developers into installing compromised dependencies.
  • Malicious SHA1-HULUD campaign targets npm ecosystem - HelixGuard AI discovers sophisticated supply chain attack exploiting npm package ecosystem with automated infection and propagation mechanisms affecting multiple popular JavaScript libraries.
  • NATO signs major Google Cloud deal for secure sovereign infrastructure - NATO establishes partnership with Google Cloud to ensure secure, sovereign cloud infrastructure for member nations, addressing data residency and security requirements.
  • OpenAI rejects "vibe coding" in favor of structured development - Company pushes back against trend of using AI for exploratory coding without proper design, emphasizing importance of architectural planning and security considerations.

🛸 Tech

  • Qualcomm delivers same-day upstream Linux support for Snapdragon 8 Elite Gen 5 - Chipmaker provides Linux kernel patches on launch day for latest mobile platform, enabling immediate development and testing on open-source distributions.
  • Zig programming language ditches GitHub for Codeberg - Project migrates to non-profit Git hosting over GitHub performance issues, AI promotion concerns, and unreliable Actions, despite losing significant GitHub Sponsors revenue.
  • Moss kernel: Rust Linux-compatible kernel for AArch64 - New Unix-like kernel written in Rust features async/await model, Linux syscall compatibility, and modern architecture supporting execution of BusyBox commands.
  • Banrays: DIY glasses detect hidden cameras using IR reflection - Open-source project uses infrared LEDs and photodiodes to identify hidden cameras in smart glasses through retro-reflectivity, creating anti-surveillance wearable technology.
  • EU forces Apple to adopt Wi-Fi standards, enabling Android AirDrop support - Digital Markets Act mandates open wireless standards, leading Apple to implement Wi-Fi Aware and allowing Google Quick Share to interoperate with AirDrop.
  • Unpowered SSDs slowly lose data over time - Analysis reveals solid-state drives gradually lose stored data when unpowered due to charge leakage, with retention time varying by temperature and storage conditions.
  • Rethinking C++ architecture: concepts and responsibility - Development blog explores modern C++ design patterns, emphasizing separation of concerns and architectural best practices for maintainable codebases.
  • Git 3.0 will use main as default branch name - Next major Git release adopts "main" as standard default branch name, completing transition away from "master" terminology across version control ecosystem.

🤖 AI

  • Context engineering emerges as critical AI PM skill - OpenAI product leader explains how providing right context to language models matters more than model selection, offering frameworks for effective context engineering strategies.
  • Claude Opus 4.5 review highlights real-world performance - Analysis of Anthropic's latest model demonstrates strong performance on messy, real-world tasks with improved reasoning capabilities and handling of complex, ambiguous instructions.
  • Anthropic releases advanced tool use capabilities - Company publishes engineering guide on sophisticated tool usage patterns, demonstrating how Claude models can orchestrate multiple tools for complex multi-step workflows.
  • ChatGPT receives major shopping upgrades for Black Friday - OpenAI adds shopping-focused features including product comparisons, price tracking, and purchase assistance capabilities ahead of major shopping season.

🛠️ Tools

  • MicroCAD: web-based CAD for microelectronics - Browser-based computer-aided design tool specifically tailored for microelectronics design, offering accessible tooling for hardware development workflows.
  • Molly: hardened Signal fork with enhanced privacy features - Fully open-source Signal fork for Android adds RAM shredding, automatic locking, Tor support, and removes proprietary components for enhanced security and privacy.
  • PocketBase: open-source backend in single file - All-in-one backend solution providing database, authentication, real-time subscriptions, and file storage in single executable, simplifying full-stack development.
  • Penpot: open-source design tool for design-code collaboration - First open-source design platform integrating native design tokens, offering browser-based collaborative design with SVG/CSS/HTML output for seamless developer handoff.
  • Gemini CLI tips repository with 30+ pro techniques - Comprehensive collection of advanced techniques for using Gemini CLI effectively, covering custom commands, MCP servers, memory management, and workflow automation.
  • Kagi Orion browser focuses on privacy and performance - New browser from Kagi search engine prioritizes user privacy with built-in tracking protection, ad blocking, and performance optimizations.
  • Gitlogue: elegant Git log visualization tool - Command-line utility providing beautiful, readable Git history visualization with improved formatting and filtering capabilities for repository exploration.
  • ProtonDrive Linux client for seamless cloud sync - Community-developed Linux client for Proton Drive enables automatic file synchronization and backup on Linux distributions with end-to-end encryption support.

🧠 Misc

  • Mathematical analysis explains why focus is impossible at work - Research demonstrates how interruption frequency, recovery time, and minimum focus threshold mathematically determine productivity, offering data-driven strategies for improving deep work capacity.
  • Voyager 1 approaches one light-day distance from Earth - NASA's spacecraft will reach historic milestone November 2026 when radio signals take full 24 hours to reach it, traveling 16.1 billion miles over nearly 50 years.
  • Washington Post explores phone impact on brain health - Interactive investigation examines how smartphone usage affects cognitive function, attention spans, and mental wellbeing with research-backed analysis and mitigation strategies.

📩 Please feel free to share this article with colleagues and friends who will find it valuable.

Thanks for reading!

Have a great day!
Bogdan