News

1. Secret scanning extended metadata to be automatically enabled for certain repositories (github.blog)
2. Agentic memory for GitHub Copilot is in public preview (github.blog)
3. Building an agentic memory system for GitHub Copilot (github.blog)
4. When protections outlive their purpose: A lesson on managing defense systems at scale (github.blog)
5. Hierarchy view now available in GitHub Projects (github.blog)
6. GitHub Copilot bring your own key (BYOK) enhancements (github.blog)
7. What’s !important #3: Popover Context Menus, @scope, New Web Platform Features, and More (css-tricks.com)
8. Human Native is joining Cloudflare (blog.cloudflare.com)
9. Paginating large datasets in production: Why OFFSET fails and cursors win (blog.sentry.io)
10. Tails 7.4 (tails.net)
11. Copilot SDK in technical preview (github.blog)
12. GitHub Availability Report: December 2025 (github.blog)
13. Adapting the Facebook Reels RecSys AI Model Based on User Feedback (engineering.fb.com)
14. GitHub Copilot CLI: Enhanced agents, context management, and new ways to install (github.blog)
15. Community-powered security with AI: an open source framework for security research (github.blog)
16. A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here? (googleprojectzero.blogspot.com)
17. A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave (googleprojectzero.blogspot.com)
18. A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby (googleprojectzero.blogspot.com)
19. GPT-5.2-Codex is now generally available in GitHub Copilot (github.blog)
20. Playing With CodePen slideVars (css-tricks.com)
21. Coolest Projects 2026: Opens for entries in January! (www.raspberrypi.org)
22. Designing safer links: secure connectivity for operational technology (www.ncsc.gov.uk)
23. The Good, the Bad, and the Gutters (alexwlchan.net)
24. ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations (snyk.io)
25. What came first: the CNAME or the A record? (blog.cloudflare.com)
26. Logging in React Native with Sentry (blog.sentry.io)
27. SR2026 Issue 02 (studentrobotics.org)
28. .NET and .NET Framework January 2026 servicing releases updates (devblogs.microsoft.com)
29. Organization custom properties now generally available (github.blog)
30. Upcoming deprecation of select GitHub Copilot models from Claude, Google, and OpenAI (github.blog)
31. What AI is actually good for, according to developers (github.blog)
32. New fine-grained permission for artifact metadata is now generally available (github.blog)
33. Learning from Code Clubs around the world: How approaches differ but values are shared (www.raspberrypi.org)
34. Technical Deep Dive: How DigitalOcean and AMD Delivered a 2x Production Inference Performance Increase for Character.ai (www.digitalocean.com)
35. Podcast – GirlsTalkCyber – Episode 24 (tisiphone.net)
36. Who Decides Who Doesn’t Deserve Privacy? (troyhunt.com)
37. What a Year of Solar and Batteries Really Saved Us in 2025 (scotthelme.ghost.io)
38. Introducing the HTML element (developer.chrome.com)
39. What we know about Iran’s Internet shutdown (blog.cloudflare.com)
40. Not everything that breaks is an error: a Logs and Next.js story (blog.sentry.io)
41. CSS at Scale With StyleX (engineering.fb.com)
42. How to Build Android Widgets with .NET MAUI (devblogs.microsoft.com)
43. Using perceptual distance to create better headers (alexwlchan.net)
44. How We Synchronize .NET’s Virtual Monorepo (devblogs.microsoft.com)
45. Want better AI outputs? Try context engineering. (github.blog)
46. Postcard From Web Directions Dev Summit, 2025 (css-tricks.com)
47. Throttle individual network requests (developer.chrome.com)
48. FedCM updates in Chrome 143 (developer.chrome.com)
49. Meet Sentry’s 2025 Fall Interns (blog.sentry.io)
50. Instagram - 6,215,150 breached accounts (haveibeenpwned.com)
51. Hello, Anthropic (den.dev)
52. Light waves, rising tides, and drifting ships: Game Off 2025 winners (github.blog)
53. The passwords I actually memorise (alexwlchan.net)
54. Where I store my multi-factor recovery codes (alexwlchan.net)
55. BreachForums (2025) - 672,247 breached accounts (haveibeenpwned.com)
56. Introducing Multiple Registry Support on DigitalOcean Container Registry (www.digitalocean.com)
57. Wrapping Up My Latest Microsoft Chapter (den.dev)
58. Why AI is pushing developers toward typed languages (github.blog)
59. How can we teach about AI in the arts, humanities and sciences? Research seminar series 2026 (www.raspberrypi.org)
60. GDS Parish Council Domains Helper Service wins Digital Transformation award (technology.blog.gov.uk)
61. Quick-and-dirty print debugging in Go (alexwlchan.net)
62. Beyond Detection: Building a Resilient Software Supply Chain (Lessons from the Shai-Hulud Post-Mortem) (snyk.io)
63. Smashing Security – 449: How to scam someone in seven days (tisiphone.net)
64. Unity SDK 4.0.0: Console support, logs, user feedback and more (blog.sentry.io)
65. Secure and Intelligent: Queryable Encryption and Vector Search in MongoDB EF Core Provider (devblogs.microsoft.com)
66. Building the Inference Cloud, and What Comes Next (www.digitalocean.com)
67. Future CSS: :drag (and Maybe ::dragged-image?) (css-tricks.com)
68. The Government Cyber Action Plan: strengthening resilience across the UK (www.ncsc.gov.uk)
69. What shaped computing education in 2025 — and what comes next (www.raspberrypi.org)
70. What's New in WebGPU (Chrome 144) (developer.chrome.com)
71. Weekly Update 485 (troyhunt.com)
72. Secure by Default: Why Snyk and Augment Code are the New Standard for AI Development (snyk.io)
73. Trace-connected structured logging with LogTape and Sentry (blog.sentry.io)
74. Unstoppable Velocity: Why 2026 is the Year to Join DigitalOcean (www.digitalocean.com)
75. A research-led framework for teaching about models in AI and data science (www.raspberrypi.org)
76. A closer look at a BGP anomaly in Venezuela (blog.cloudflare.com)
77. What's new in DevTools, Chrome 144 (developer.chrome.com)
78. Increasing web push notification value with rate limits (developer.chrome.com)
79. WhiteDate - 6,076 breached accounts (haveibeenpwned.com)
80. Another year, another $750,000 to Open Source maintainers (blog.sentry.io)
81. One Year at PostHog (haacked.com)
82. 2025 in Review (una.im)
83. Context Is the Bottleneck in Software Development (codeopinion.com)
84. Generative AI with Large Language Models in C# in 2026 (devblogs.microsoft.com)
85. My Top 5 Recommendations on OT Cybersecurity Student Upskilling (tisiphone.net)
86. Destination Cyber Podcast on OT (tisiphone.net)
87. Astro (james.newtonking.com)
88. State of the Server 2026 (theorangeone.net)
89. The Dow's Start on the Covenant Path (kentcdodds.com)
90. Top .NET Videos & Live Streams of 2025 (devblogs.microsoft.com)
91. What’s !important #2: Conditional View Transitions, CSS/SVG Text Effects, the Best of CSS Bluesky, and More (css-tricks.com)
92. Introducing PDF Diff: Compare PDFs Privately in Your Browser (montemagno.com)
93. My favourite books from 2025 (alexwlchan.net)
94. Top .NET Blog Posts of 2025 (devblogs.microsoft.com)
95. Agentic AI, MCP, and spec-driven development: Top blog posts of 2025 (github.blog)
96. Wiz Operation Cloudfall BlackHat EU CTF (skybound.link)
97. Thoughts on leaving AWS and joining Anthropic (natemcmaster.com)
98. Bugs that survive the heat of continuous fuzzing (github.blog)
99. Introducing Oh My Posh Visual Configurator: Finally, a Drag-and-Drop Terminal Theme Builder! ✨ (montemagno.com)
100. Wiz Cloud Security Championship November 2025 (skybound.link)
101. The Holiday Whisper: Shai-Hulud 3.0 (snyk.io)
102. Weekly Update 484 (troyhunt.com)
103. Jake versus 2025 (theorangeone.net)
104. WIRED - 2,364,431 breached accounts (haveibeenpwned.com)
105. Merry Christmas Day! Have a MongoDB security incident. (doublepulsar.com)
106. Utair - 401,400 breached accounts (haveibeenpwned.com)
107. Building a Complete FIRE Calculator App with GitHub Copilot in One Chat Session (montemagno.com)
108. Медицинская лаборатория Гемотест (Gemotest) - 6,341,495 breached accounts (haveibeenpwned.com)
109. Thank You (2025 Edition) (css-tricks.com)
110. text-decoration-inset is Like Padding for Text Decorations (css-tricks.com)
111. Python Typing Survey 2025: Code Quality and Flexibility As Top Reasons for Typing Adoption (engineering.fb.com)
112. How Workers powers our internal maintenance scheduling pipeline (blog.cloudflare.com)
113. Drawing Truchet tiles in SVG (alexwlchan.net)
114. Weekly Update 483 (troyhunt.com)
115. Adding a README to S3 buckets with Terraform (alexwlchan.net)
116. Code Orange: Fail Small — our resilience plan following recent incidents (blog.cloudflare.com)
117. DrP: Meta’s Root Cause Analysis Platform at Scale (engineering.fb.com)
118. Masonry Layout is Now grid-lanes (css-tricks.com)
119. Innovating to address streaming abuse — and our latest transparency report (blog.cloudflare.com)
120. Evo Adds CycloneDX Support to Give Full AI Visibility (snyk.io)
121. Speed Up Your JavaScript Apps: Native Bun Support is Now Available on App Platform (www.digitalocean.com)
122. Introducing RSC Explorer (overreacted.io)
123. Search CSS-Tricks Raycast Extension (css-tricks.com)
124. Announcing support for GROUP BY, SUM, and other aggregation queries in R2 SQL (blog.cloudflare.com)
125.  Introducing our new ‘Programming with AI’ unit (www.raspberrypi.org)
126. AUTOSUR - 487,226 breached accounts (haveibeenpwned.com)
127. The Botting Network - 96,320 breached accounts (haveibeenpwned.com)
128. Building a Code Review system that uses prod data to predict bugs (blog.sentry.io)
129. Web Hosting Talk - 515,149 breached accounts (haveibeenpwned.com)
130. A More Powerful, Code-First Knowledge Base Experience on the DigitalOcean Gradient™ AI Platform (www.digitalocean.com)
131. Introducing DigitalOcean Gradient™ AI Agent Development Kit: A code-first way to build production-ready AI agents (www.digitalocean.com)
132. A Year of Innovation: DigitalOcean Managed Databases in 2025 (www.digitalocean.com)
133. Home working: preparing your organisation and staff (www.ncsc.gov.uk)
134. Responsive List of Avatars Using Modern CSS (Part 2) (css-tricks.com)
135. Data breaches: guidance for individuals and families (www.ncsc.gov.uk)
136. Sextortion emails: how to protect yourself (www.ncsc.gov.uk)
137. How We Built Meta Ray-Ban Display: From Zero to Polish (engineering.fb.com)
138. Astro Pi is 10: A decade of your code in space  (www.raspberrypi.org)
139. The palm tree that led to Palmyra (alexwlchan.net)
140. LCP and INP are now Baseline Newly available (web.dev)
141. Directional CSS with scroll-state(scrolled) (una.im)
142. Weekly Update 482 (troyhunt.com)
143. Why “Microservices” Debates Miss the Point (codeopinion.com)
144. Introducing the Spend by Date Range Billing View (www.digitalocean.com)
145. Microsoft.Testing.Platform Now Fully Supported in Azure DevOps (devblogs.microsoft.com)
146. What’s !important #1: Advent Calendars, CSS Wrapped, Web Platform Updates, and More (css-tricks.com)
147. 2025 highlights from the Raspberry Pi Computing Education Research Centre (www.raspberrypi.org)
148. Welcome to the new Project Zero Blog (googleprojectzero.blogspot.com)
149. Thinking Outside The Box [dusted off draft from 2017] (googleprojectzero.blogspot.com)
150. Drawing good architecture diagrams (www.ncsc.gov.uk)
151. Windows Exploitation Techniques: Winning Race Conditions with Path Lookups (googleprojectzero.blogspot.com)
152. New to the web platform in December (web.dev)
153. Let your Coding Agent debug your browser session with Chrome DevTools MCP (developer.chrome.com)
154. Cocoa SDK 9.0.0 has landed (blog.sentry.io)
155. How Temporal Powers Reliable Cloud Operations at Netflix (netflixtechblog.com)
156. Leveling Up Kubernetes: Key DigitalOcean Managed Kubernetes Releases in 2025 (www.digitalocean.com)
157. How to Build iOS Widgets with .NET MAUI (devblogs.microsoft.com)
158. Toon Title Text Generator (css-tricks.com)
159. Powering the Next Leap in AI: GPU Droplets accelerated by NVIDIA HGX™ B300 are coming soon to DigitalOcean (www.digitalocean.com)
160. Netflix Live Origin (netflixtechblog.com)
161. How AI Is Transforming the Adoption of Secure-by-Default Mobile Frameworks (engineering.fb.com)
162. Responsive List of Avatars Using Modern CSS (Part 1) (css-tricks.com)
163. Report URI Penetration Test 2025 (scotthelme.ghost.io)
164. From learners to leaders: Jayantika and Ruturaj’s journey as Code Club youth mentors (www.raspberrypi.org)
165. The 2025 Cloudflare Radar Year in Review: The rise of AI, post-quantum, and record-breaking DDoS attacks (blog.cloudflare.com)
166. ChatGPT's rivals, Kwai's quiet rise: the top Internet services of 2025 (blog.cloudflare.com)
167. Mitigating malware and ransomware attacks (www.ncsc.gov.uk)
168. Cyber deception trials: what we’ve learned so far (www.ncsc.gov.uk)
169. Why I returned my Proton subscription (theorangeone.net)
170. Wrapping Up 2025 - The Year Of MCP (den.dev)
171. Processing 630 Million More Pwned Passwords, Courtesy of the FBI (troyhunt.com)
172. What Else Could Container Queries… Query? (css-tricks.com)
173. Secondary school maths showing that AI systems don’t think (www.raspberrypi.org)
174. Meeting my younger self (alexwlchan.net)
175. A look at an Android ITW DNG exploit (googleprojectzero.blogspot.com)
176. CSS scroll-triggered animations are coming! (developer.chrome.com)
177. React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques (blog.cloudflare.com)
178. Vote for the web features you want to see (web.dev)
179. A better way to monitor your AI agents in .NET apps (blog.sentry.io)
180. Tails 7.3.1 (tails.net)
181. Creating Scroll-Based Animations in Full view() (css-tricks.com)
182. Hard problems in social media archiving (alexwlchan.net)
183. Now Available: Remote MCP for DigitalOcean Services (www.digitalocean.com)
184. .NET and .NET Framework December 2025 servicing releases updates (devblogs.microsoft.com)
185. November 2025 Baseline monthly digest (web.dev)
186. Signal API for passkeys available on Chrome for Android (developer.chrome.com)
187. Shifting left at enterprise scale: how we manage Cloudflare with Infrastructure as Code (blog.cloudflare.com)
188. Aggregates in DDD: Model Rules, Not Relationships (codeopinion.com)
189. Shopping and paying safely online (www.ncsc.gov.uk)
190. How to recover an infected device (www.ncsc.gov.uk)
191. From User to Trusted Advisor: How Jeff Fan Powers Customer Success at DigitalOcean (www.digitalocean.com)
192. Recovering a hacked account (www.ncsc.gov.uk)
193. Early Years practitioners: using cyber security to protect your settings (www.ncsc.gov.uk)
194. How to spot scammers claiming to be from the NCSC (www.ncsc.gov.uk)
195. The Architecture Decision Record (ADR) Framework: making better technology decisions across the public sector (technology.blog.gov.uk)
196. Using IPsec to protect data (www.ncsc.gov.uk)
197. Prompt injection is not SQL injection (it may be worse) (www.ncsc.gov.uk)
198. Using TLS to protect data (www.ncsc.gov.uk)
199. A method to assess 'forgivable' vs 'unforgivable' vulnerabilities (www.ncsc.gov.uk)
200. The Internet forgets, but I don’t want to (alexwlchan.net)
201. Provisioning and managing certificates in the Web PKI (www.ncsc.gov.uk)
202. Updating our guidance on security certificates, TLS and IPsec (www.ncsc.gov.uk)
203. CSS Wrapped 2025 (developer.chrome.com)
204. Python Workers redux: fast cold starts, packages, and a uv-first workflow (blog.cloudflare.com)
205. Meet Web Vitals Performance Issues (blog.sentry.io)
206. CSS Wrapped: 2025! (una.im)
207. KinoKong - 817,808 breached accounts (haveibeenpwned.com)
208. DoTs SDK Development: Automating TypeScript Client Generation (www.digitalocean.com)
209. Cybersecurity industry overreacts to React vulnerability, starts panic, burns own house down again (doublepulsar.com)
210. When square pixels aren’t square (alexwlchan.net)
211. Weekly Update 481 (troyhunt.com)
212. Cloudflare outage on December 5, 2025 (blog.cloudflare.com)
213. AV1 — Now Powering 30% of Netflix Streaming (netflixtechblog.com)
214. Evaluate your AI agents faster and more effectively (www.digitalocean.com)
215. AI updates for all Sentry users (blog.sentry.io)
216. Why Does Have I Been Pwned Contain "Fake" Email Addresses? (troyhunt.com)
217. Cloudflare WAF proactively protects against React vulnerability (blog.cloudflare.com)
218. Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets (blog.cloudflare.com)
219. Building trust in the digital age: a collaborative approach to content provenance technologies (www.ncsc.gov.uk)
220. November 2025 Reading List (den.dev)
221. 2025 in Review (kentcdodds.com)
222. Small numbers of Notepad++ users reporting security woes (doublepulsar.com)
223. What makes a responsible cyber actor: introducing the Pall Mall industry consultation on good practice (www.ncsc.gov.uk)
224. Announcing Baseline in action (web.dev)
225. Domain-Driven Design Misconceptions (codeopinion.com)
226. Zilvia.net - 287,863 breached accounts (haveibeenpwned.com)
227. Weekly Update 480 (troyhunt.com)
228. Why Replicate is joining Cloudflare (blog.cloudflare.com)
229. Automatically Signing a Windows EXE with Azure Trusted Signing, dotnet sign, and GitHub Actions (hanselman.com)
230. Mypy 1.19 released (mypy-lang.org)
231. Wiz Cloud Security Championship October 2025 (skybound.link)
232. It's time for all small businesses to act (www.ncsc.gov.uk)
233. NCSC handing over the baton of smart meter security: a decade of progress (www.ncsc.gov.uk)
234. China Software Developer Network - 6,414,990 breached accounts (haveibeenpwned.com)
235. Visual collaboration week: getting involved with the Digital Workplace community   (technology.blog.gov.uk)
236. New to the web platform in November (web.dev)
237. Dissecting The Halo 5 Spartan Rank Manifest (den.dev)
238. Streamline Your Workflow: Announcing Environment Support for DigitalOcean App Platform (www.digitalocean.com)
239. Brand New Layouts with CSS Subgrid (www.joshwcomeau.com)
240. WebGPU is now supported in major browsers (web.dev)
241. Partnering with Black Forest Labs to bring FLUX.2 [dev] to Workers AI (blog.cloudflare.com)
242. One Year Of Model Context Protocol Through A Core Maintainer Lens (den.dev)
243. Minimal APIs, CQRS, DDD… Or Just Use Controllers? (codeopinion.com)
244. Get better visibility for the WAF with payload logging (blog.cloudflare.com)
245. Choosing a managed service provider (MSP) (www.ncsc.gov.uk)
246. <100ms E-commerce: Instant loads with Speculation Rules API (blog.sentry.io)
247. Eliminating N+1 Queries with Seer’s Automated Root Cause Analysis (blog.sentry.io)
248. What's New In The 2025-11-25 MCP Authorization Spec (den.dev)
249. CodeStepByStep - 103,077 breached accounts (haveibeenpwned.com)
250. Weekly Update 479 (troyhunt.com)
251. ADDA - 1,829,314 breached accounts (haveibeenpwned.com)
252. Should I rewrite the Python Launcher for Unix in Python? (snarky.ca)
253. Zoomer: Powering AI Performance at Meta’s Scale Through Intelligent Debugging and Optimization (engineering.fb.com)
254. Powered by DigitalOcean Hatch: How Ex-human uses GPU Droplets to Build Empathetic AI that Serves Customers (www.digitalocean.com)
255. Hacktoberfest 2025 Comes to a Close (www.digitalocean.com)
256. Can you take an ox to Oxford? (alexwlchan.net)
257. tree-me: Because git worktrees shouldn’t be a chore (haacked.com)
258. What organisations can learn from the record breaking fine over Capita’s ransomware incident (doublepulsar.com)
259. International Kiteboarding Organization - 340,349 breached accounts (haveibeenpwned.com)
260. The varying strictness of TypedDict (snarky.ca)
261. Key Transparency Comes to Messenger (engineering.fb.com)
262. Beckett Collectibles - 1,041,238 breached accounts (haveibeenpwned.com)
263. Eurofiber - 10,003 breached accounts (haveibeenpwned.com)
264. Vultr - 187,872 breached accounts (haveibeenpwned.com)
265. JavaScript SpeechSynthesis API (davidwalsh.name)
266. Seer can now trigger Cursor Agents to fix your bugs (blog.sentry.io)
267. Halo World Championship 2025 (den.dev)
268. Report URI - outage update (scotthelme.ghost.io)
269. Integrity Policy - Monitoring and Enforcing the use of SRI (scotthelme.ghost.io)
270. PowerToys 0.96 is here: endpoints for Advanced Paste, metadata support for PowerRename and more! (devblogs.microsoft.com)
271. The metrics product we built worked — But we killed it and started over anyway (blog.sentry.io)
272. Efficient Optimization With Ax, an Open Platform for Adaptive Experimentation (engineering.fb.com)
273. Introducing Logs, User Feedback, and more in the Sentry Godot SDK (blog.sentry.io)
274. Cloudflare outage on November 18, 2025 (blog.cloudflare.com)
275. Introducing webvitals.com: Find out what’s slowing down your site (blog.sentry.io)
276. Fix “This video format is not supported” on YouTube TV (davidwalsh.name)
277. Book early-access discount code (ericlippert.com)
278. Sentry has a bold new look (blog.sentry.io)
279. Shaping the future of public sector technology with the new Enterprise Architecture team (technology.blog.gov.uk)
280. Cleaning up messy dates in JSON (alexwlchan.net)