Hi there! 🛡️ Security & Privacy * Vertex AI vulnerability allowed malicious agents to exfiltrate Google Cloud data and access private Artifact Registry images — exploiting excessive default permissions in the P4SA service agent. Patch by enforcing least privilege and using BYOSA. More * axios supply chain attack: a hijacked npm maintainer account published

Hi there! 🛡️ Security & Privacy * GrapheneOS reaffirms its no-ID, no-account policy, pledging to remain globally accessible to anyone without collecting personal information — even if device sales become restricted in certain regions. More * Sysdig launches runtime security purpose-built for AI coding agents, extending its cloud-native protection platform to monitor, detect, and

Hi there! 🛡️ Security & Privacy * Glassworm Returns with Unicode Attacks - Invisible PUA Unicode characters exploiting 150+ GitHub repositories, npm packages & VS Code extensions simultaneously using AI-crafted commits. More * DarkSword iOS Exploit in Infostealer Campaign - New vulnerability targeting iPhones via malicious apps stealing credentials and sensitive data at

Hi there! 🛡️ Security & Privacy * Multiple critical AppArmor vulnerabilities enable kernel exploitation, privilege escalation, memory disclosure affecting Ubuntu, Debian systems. More * Glassworm malware returns with invisible Unicode code injection attacking 150+ GitHub repositories, npm packages spreading across ecosystems silently. More * Canada's Bill C-22 mandates metadata retention for telecom

Hi there! 🛡️ Security & Privacy * Clinejection is a chilling supply chain attack: a crafted GitHub issue title triggered an AI triage bot to install a malicious npm package, stealing tokens and silently deploying OpenClaw on ~4,000 developer machines. Prompt injection + confused deputy = full supply chain compromise. More * Coruna, a

Hi there! Anthropic refused to enable mass domestic surveillance. It refused to power fully autonomous weapons. And when the Department of War threatened to label them a national security risk — a designation historically reserved for US adversaries, never before applied to an American company — Anthropic said they'd see

Working on a new feature with Claude Code surfaced an unexpected skill gap: software architecture — not the usual suspects like design patterns, component design, or API contracts, but something more fundamental. The ability to communicate architecture clearly, concisely, and precisely. It turns out this is a must if you want

Hi there! The pace has increased across the industry. That's what I'm feeling, and experiencing to some extent. Code development has started to shift from a leisurely walk to an ultra-running competition. No pauses, no side paths to explore, no meditative moments. Just an relentless focus

Hi there! I had to provide growth opportunity directions for some people recently. Beside the specific advice, I included a sincere proposal available for everyone: Learn AI. No matter what position you're in. Are you a software engineer? Learn AI. Are you in QA? Learn AI. Are you

Hi there! Last week, the security and agentic AI communities were overtaken by OpenClaw (Clawdbot/Moltbot). It dominated discussions everywhere. Deployments surged from roughly 1,000 to over 21,000 in one week. GitHub stars skyrocketed from 9,000 to 60,000+ in days, later surpassing 140,000—including a

Hi there! I've been thinking about prompt injection lately, and it's honestly terrifying how vulnerable LLM applications are. The core problem is simple: these models can't reliably tell the difference between your instructions and user data. It's like having a computer that

Hi there! Some thoughts CES 2026 marked a turning point: AI is moving from screens into the physical world through robotics. While this represents humanity's most advanced creation capacity to date, the race toward deployment reveals critical gaps in planning, infrastructure, and safety. The Infrastructure Challenge The push

🛡️ Security & Privacy * Shai-Hulud 3.0 NPM supply chain attack discovered: New malware variant automatically spreads to steal developer credentials and cloud keys, currently limited in testing phase. More * Malicious Chrome extensions harvest 900K users' AI chats: Two extensions masquerading as AI assistants steal ChatGPT and DeepSeek conversations, including

🛡️ Security & Privacy * Pixelation Fails to Hide Sensitive Text - Blurring text through mosaics can be reversed via dictionary attacks matching all possible combinations against pixelation patterns. More * MongoBleed Exploited in Wild - Critical CVE-2025-14847 vulnerability in MongoDB allows unauthenticated attackers to extract sensitive data through zlib decompression flaws affecting

🛡️ Security & Privacy * Trigger.dev hit by Shai-Hulud supply chain worm; complete incident analysis reveals npm malware campaign - Trigger.dev shares detailed post-mortem after engineer's machine compromised via malicious npm package, leading to GitHub repo vandalism and credential theft across 17 hours. More * Urban VPN exposed: 8

🛡️ Security & Privacy * Dutch AI Glasses Demo Sparks Privacy Alarm - Tech journalist demonstrates AI-powered smart glasses instantly identifying strangers and retrieving personal data, igniting fierce privacy debate across Europe. More * 30+ Critical Flaws Found in AI Coding Tools - Researchers uncover "IDEsaster" vulnerabilities affecting Cursor, GitHub Copilot,

🛡️ Security & Privacy * SVG Clickjacking 2.0 vulnerability discovered - Novel attack technique using SVG filters enables complex interactive clickjacking attacks with data exfiltration capabilities. More * Apple sends threat notifications to 84 countries - Tech giant warns users in 84 nations about state-sponsored cyberattacks targeting iPhones across over 150 countries

🛡️ Security & Privacy * Gmail trains AI on emails by default - Google auto-opted users into allowing Gmail access to private messages and attachments for AI training unless manually disabled in two separate settings locations. More * Browser fingerprinting privacy nightmare - Sophisticated tracking methods combine browser data points like fonts, canvas

🛡️ Security & Privacy * Anthropic reports AI espionage - First documented large-scale cyberattack using Claude Code with 80-90% AI autonomy targeting tech companies and government agencies. More. However, the security community challenges Anthropic's claims of thwarting Chinese AI-driven cyberattack, citing lack of evidence and technical details. More * EU'

Hi there! I've recently started learning about AI and LLMs, and I'm slowly working through some of the key content in this space. It's a lot to take in, but I'm finding it pretty interesting so far. I came across Andrej Karpathy&

Hi there! I switched from zsh to fish and it’s faster. Moreover, it works great with the default configuration which makes me happy. I have enough things to tweak. Just give it a try. 🛡️ Security & Privacy * Next.js released version 15.2.3 (and backported patches for v12-14)

Hi there! I'm always on the hunt for great resources to fuel my learning journey, and books have always been my go-to for structured knowledge. Last week, I stumbled upon something exciting I just had to share - Humble! This fantastic platform offers ebooks and other digital goodies

Last week, two objects arrived at my doorstep: a TIMEMORE Chestnut C3 ESP Pro manual coffee grinder and a Bellroy Folio Mini wallet. Both are true masterpieces of craftsmanship. What struck me was the impeccable attention to detail—the way form, feel, and function harmonize so perfectly in these tangible

Last week I listened to Matteo Franceschetti from Eight Sleep and now I'm questioning my long-standing belief that caffeine drives my programming performance. It helps for sure, but what if strategic rest could debug my productivity further. We will see 😄. 🛡️ Security & Privacy * Apple has removed its optional

Hi there! I hope you're all having a fantastic week. Here are my top highlights from the past few days: * Zed Editor: I recently made the switch from Neovim to Zed, and I'm thoroughly enjoying it! Zed's speed and ease of configuration have won