PEAKS No 35: MCP Meets the Browser, Clinejection, and the GPT in 200 Lines

Hi there!

🛡️ Security & Privacy

  • Clinejection is a chilling supply chain attack: a crafted GitHub issue title triggered an AI triage bot to install a malicious npm package, stealing tokens and silently deploying OpenClaw on ~4,000 developer machines. Prompt injection + confused deputy = full supply chain compromise. More
  • Coruna, a spy-grade iOS exploit kit with 5 full exploit chains and 23 CVEs (including Operation Triangulation zero-days), was tracked from a surveillance vendor to Russian espionage and finally Chinese cybercriminals targeting crypto wallets. Update your iOS: the kit is ineffective against current versions. More

🛸 Tech

  • Lenovo ThinkPad T14 Gen 7 and T16 Gen 5 score a perfect 10/10 on iFixit's repairability scale — the first T-series ever — featuring tool-free battery swaps, LPCAMM2 memory, modular Thunderbolt ports, and an easy keyboard replacement. More
  • Claude's new Memory Import lets you copy your context from ChatGPT or any other AI and paste it into Claude's settings in seconds — so your first Claude conversation feels like your hundredth. More
  • Apple's M4 Neural Engine deep-dive: Researchers reverse-engineered the ANE, bypassed CoreML, cracked the E5 binary format, and even trained a neural network on a chip Apple designed exclusively for inference. Fascinating and technically dense. More
  • Obsidian Sync goes headless, enabling vault sync on servers and CI environments without launching the GUI — great for automation and self-hosted workflows. More
  • Motorola at MWC 2026 announced a partnership with the GrapheneOS Foundation for hardened Android security, launched Moto Analytics (real-time enterprise device fleet insights), and added Private Image Data to Moto Secure — stripping sensitive EXIF metadata from photos automatically. More

🤖 AI

  • Karpathy's microGPT is a masterpiece of minimalism: a complete GPT — tokenizer, autograd, attention, Adam optimizer — in 200 lines of pure Python, zero dependencies. GrowingSWE made an interactive visual walkthrough for beginners.
  • Chrome's WebMCP enters early preview, proposing a standard browser API so websites can expose structured tools to AI agents — enabling reliable booking, support ticketing, and checkout flows without DOM scraping. More
  • CMU's free Modern AI Course (10-202) is now available online, covering supervised ML, transformers, LLMs, fine-tuning, RLHF, and reasoning models — with Colab assignments and a minimal chatbot you build from scratch. More
  • Claude Code creator Boris Cherny shares how he ships 20–30 PRs/day using 5 parallel Claude instances, why glob+grep beat RAG for codebase search, and how PRDs have been replaced by rapid prototyping at Anthropic. More
  • OpenAI launched GPT-5.4 and Codex Security (research preview), bringing advanced code understanding and security-focused analysis to its developer tools. More
  • GitHub Security Lab's open-source AI framework (Taskflow Agent) found 80+ real vulnerabilities across 40+ repos — including a Rocket.Chat auth bypass where any password worked and a WooCommerce IDOR leaking guest order PII. LLMs excel at logic/auth bugs. More
  • Donald Knuth's paper on Claude has made the rounds — the legendary CS professor put Claude through its paces on cycle-related problems and documented the results in a characteristically thorough paper. More

🛠️ Tools

  • Agent Safehouse sandboxes AI coding agents (Claude Code, Codex, Aider, Cline) on macOS using kernel-level sandbox-exec — deny-first, zero deps, no VMs. Your SSH keys and .env files stay invisible to agents by default. More
  • GitHub Workspace CLI (googleworkspace/cli) — official CLI for Google Workspace, letting you manage Docs, Sheets, Drive, and more from the terminal. More
  • Ki Editor is a multi-cursor structural (AST-based) modal editor — manipulate syntax nodes directly instead of wrestling with text. Built for refactoring-heavy workflows. More
  • Logira automates GitHub issue triage using AI, categorizing and labeling issues so maintainers can focus on what matters. More
  • WSL2 Distro Manager gives Windows users a clean GUI for managing, creating, and switching Linux distributions inside WSL2. More
  • Plasma Bigscreen is a privacy-respecting, KDE-based open-source TV interface for Linux — controllable via TV remote (CEC), gamepad, or phone via KDE Connect. Joining the official Plasma release cycle in June 2026. More

📩 Please feel free to share this article with colleagues and friends who will find it valuable.

Thanks for reading!

Have a great day!
Bogdan