News

1. Why Does Have I Been Pwned Contain "Fake" Email Addresses? (troyhunt.com)
2. Claude Opus 4.5 is now available in Visual Studio, JetBrains IDEs, Xcode, and Eclipse (github.blog)
3. Assign issues to Copilot using the API (github.blog)
4. Introducing Data Ingestion Building Blocks (Preview) (devblogs.microsoft.com)
5. Your stack, your rules: Introducing custom agents in GitHub Copilot for observability, IaC, and security (github.blog)
6. Cloudflare WAF proactively protects against React vulnerability (blog.cloudflare.com)
7. Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets (blog.cloudflare.com)
8. Run AutoMCP To Supercharge Your AI Agent with Libraries MCP Servers (snyk.io)
9. Security Advisory: Critical RCE Vulnerabilities in React Server Components & Next.js (CVE-2025-55182 / CVE-2025-66478) (snyk.io)
10. Accelerating innovation with AWS: Snyk selected as an AWS Pattern Partner (snyk.io)
11. November 2025 Reading List (den.dev)
12. GitHub Enterprise Server 3.19 release candidate is now available (github.blog)
13. Small numbers of Notepad++ users reporting security woes (doublepulsar.com)
14. “The local-first rebellion”: How Home Assistant became the most important project in your house (github.blog)
15. Secret scanning updates — November 2025 (github.blog)
16. Scrollytelling on Steroids With Scroll-State Queries (css-tricks.com)
17. What makes a responsible cyber actor: introducing the Pall Mall industry consultation on good practice (www.ncsc.gov.uk)
18. Announcing Baseline in action (web.dev)
19. New in Chrome 143 (developer.chrome.com)
20. Copilot Spaces: Public spaces and code view support (github.blog)
21. Domain-Driven Design Misconceptions (codeopinion.com)
22. Block repository administrators from installing GitHub Apps on their own now generally available (github.blog)
23. Cross-Platform Age Verification in .NET MAUI Applications (devblogs.microsoft.com)
24. Prevent a page from scrolling while a dialog is open (css-tricks.com)
25. How to orchestrate agents using mission control (github.blog)
26. Zilvia.net - 287,863 breached accounts (haveibeenpwned.com)
27. Weekly Update 480 (troyhunt.com)
28. Why Replicate is joining Cloudflare (blog.cloudflare.com)
29. When Speed Meets Security: Snyk Studio for Kiro (snyk.io)
30. Automatically Signing a Windows EXE with Azure Trusted Signing, dotnet sign, and GitHub Actions (hanselman.com)
31. Mypy 1.19 released (mypy-lang.org)
32. Wiz Cloud Security Championship October 2025 (skybound.link)
33. The ultimate gift guide for the developer in your life (github.blog)
34. It's time for all small businesses to act (www.ncsc.gov.uk)
35. NCSC handing over the baton of smart meter security: a decade of progress (www.ncsc.gov.uk)
36. China Software Developer Network - 6,414,990 breached accounts (haveibeenpwned.com)
37. .NET Day on Agentic Modernization Coming Soon (devblogs.microsoft.com)
38. Visual collaboration week: getting involved with the Digital Workplace community   (technology.blog.gov.uk)
39. New to the web platform in November (web.dev)
40. Digital Credentials API for credential issuance (developer.chrome.com)
41. Snyk Log Sniffer: AI-Powered Audit Log Insights for Security Leaders (snyk.io)
42. Dissecting The Halo 5 Spartan Rank Manifest (den.dev)
43. Copilot agent sessions from external apps are now available on GitHub Mobile for Android (github.blog)
44. Secret scanning alert assignees, security campaigns are generally available (github.blog)
45. Secrets in unlisted GitHub gists are reported to secret scanning partners (github.blog)
46. Why developers still flock to Python: Guido van Rossum on readability, AI, and the future of programming (github.blog)
47. Code scanning default setup bypasses GitHub Actions policy blocks (github.blog)
48. Streamline Your Workflow: Announcing Environment Support for DigitalOcean App Platform (www.digitalocean.com)
49. How GitHub’s agentic security principles make our AI agents as secure as possible (github.blog)
50. Brand New Layouts with CSS Subgrid (www.joshwcomeau.com)
51. How Ada Computer Science empowers students: Survey findings (www.raspberrypi.org)
52. WebGPU is now supported in major browsers (web.dev)
53. Partnering with Black Forest Labs to bring FLUX.2 [dev] to Workers AI (blog.cloudflare.com)
54. One Year Of Model Context Protocol Through A Core Maintainer Lens (den.dev)
55. Minimal APIs, CQRS, DDD… Or Just Use Controllers? (codeopinion.com)
56. Developers still need the right to challenge junk patents (github.blog)
57. On Inheriting and Sharing Property Values (css-tricks.com)
58. Get better visibility for the WAF with payload logging (blog.cloudflare.com)
59. Choosing a managed service provider (MSP) (www.ncsc.gov.uk)
60. <100ms E-commerce: Instant loads with Speculation Rules API (blog.sentry.io)
61. Eliminating N+1 Queries with Seer’s Automated Root Cause Analysis (blog.sentry.io)
62. What's New In The 2025-11-25 MCP Authorization Spec (den.dev)
63. CodeStepByStep - 103,077 breached accounts (haveibeenpwned.com)
64. Weekly Update 479 (troyhunt.com)
65. ADDA - 1,829,314 breached accounts (haveibeenpwned.com)
66. Should I rewrite the Python Launcher for Unix in Python? (snarky.ca)
67. Zoomer: Powering AI Performance at Meta’s Scale Through Intelligent Debugging and Optimization (engineering.fb.com)
68. Sketch: A guided tour of Copenhagen (css-tricks.com)
69. Powered by DigitalOcean Hatch: How Ex-human uses GPU Droplets to Build Empathetic AI that Serves Customers (www.digitalocean.com)
70. Hacktoberfest 2025 Comes to a Close (www.digitalocean.com)
71. Can you take an ox to Oxford? (alexwlchan.net)
72. tree-me: Because git worktrees shouldn’t be a chore (haacked.com)
73. What organisations can learn from the record breaking fine over Capita’s ransomware incident (doublepulsar.com)
74. International Kiteboarding Organization - 340,349 breached accounts (haveibeenpwned.com)
75. The varying strictness of TypedDict (snarky.ca)
76. Reinventing how .NET Builds and Ships (Again) (devblogs.microsoft.com)
77. Evolving GitHub Copilot’s next edit suggestions through custom model training (github.blog)
78. Key Transparency Comes to Messenger (engineering.fb.com)
79. Should We Even Have :closed? (css-tricks.com)
80. Beckett Collectibles - 1,041,238 breached accounts (haveibeenpwned.com)
81. Eurofiber - 10,003 breached accounts (haveibeenpwned.com)
82. Vultr - 187,872 breached accounts (haveibeenpwned.com)
83. JavaScript SpeechSynthesis API (davidwalsh.name)
84. Seer can now trigger Cursor Agents to fix your bugs (blog.sentry.io)
85. Halo World Championship 2025 (den.dev)
86. Report URI - outage update (scotthelme.ghost.io)
87. How we’re making GitHub Copilot smarter with fewer tools (github.blog)
88. Supercharge Your Test Coverage with GitHub Copilot Testing for .NET (devblogs.microsoft.com)
89. How to write a great agents.md: Lessons from over 2,500 repositories (github.blog)
90. Integrity Policy - Monitoring and Enforcing the use of SRI (scotthelme.ghost.io)
91. PowerToys 0.96 is here: endpoints for Advanced Paste, metadata support for PowerRename and more! (devblogs.microsoft.com)
92. What's New in WebGPU (Chrome 143) (developer.chrome.com)
93. The metrics product we built worked — But we killed it and started over anyway (blog.sentry.io)
94. A step-by-step guide to modernizing .NET applications with GitHub Copilot agent mode (devblogs.microsoft.com)
95. Efficient Optimization With Ax, an Open Platform for Adaptive Experimentation (engineering.fb.com)
96. Post-Quantum Cryptography in .NET (devblogs.microsoft.com)
97. Introducing Logs, User Feedback, and more in the Sentry Godot SDK (blog.sentry.io)
98. Code Club Conference 2025: Creativity, community, and collaboration in Cambridge (www.raspberrypi.org)
99. Changes to location permissions in Chrome on Windows (developer.chrome.com)
100. Announcing the Completion of the Core 2Africa System: Building the Future of Connectivity Together (engineering.fb.com)
101. Cloudflare outage on November 18, 2025 (blog.cloudflare.com)
102. Introducing webvitals.com: Find out what’s slowing down your site (blog.sentry.io)
103. Fix “This video format is not supported” on YouTube TV (davidwalsh.name)
104. Book early-access discount code (ericlippert.com)
105. Introducing F# 10 (devblogs.microsoft.com)
106. Introducing C# 14 (devblogs.microsoft.com)
107. Enhancing HDR on Instagram for iOS With Dolby Vision (engineering.fb.com)
108. Sentry has a bold new look (blog.sentry.io)
109. The “Most Hated” CSS Feature: asin(), acos(), atan() and atan2() (css-tricks.com)
110. Shaping the future of public sector technology with the new Enterprise Architecture team (technology.blog.gov.uk)
111. Replicate is joining Cloudflare (blog.cloudflare.com)
112. Cleaning up messy dates in JSON (alexwlchan.net)
113. Extending supported hashes in script-src (developer.chrome.com)
114. The Dawn of the 10x Team (blog.sentry.io)
115. Support For CIMD For MCP In Visual Studio Code (den.dev)
116. Streaming Digits of Pi (swharden.com)
117. Weekly Update 478 (troyhunt.com)
118. Open Source Is Good for the Environment (engineering.fb.com)
119. Quiet UI Came and Went, Quiet as a Mouse (css-tricks.com)
120. Python in Visual Studio Code – November 2025 Release (devblogs.microsoft.com)
121. Debunking myths about space science with Astro Pi impact evidence (www.raspberrypi.org)
122. The Range Syntax Has Come to Container Style Queries and if() (css-tricks.com)
123. Finding the grain of sand in a heap of Salt (blog.cloudflare.com)
124. Operation Endgame 3.0 - 2,046,030 breached accounts (haveibeenpwned.com)
125. Tails 7.2 (tails.net)
126. KubeCon NA 2025 CTF Writeup (skybound.link)
127. GPU Observability: Get Deeper Insights into Your Droplets and DOKS Clusters (www.digitalocean.com)
128. Connecting to production: the architecture of remote bindings (blog.cloudflare.com)
129. Weekly Update 477 (troyhunt.com)
130. Teams React to Student Robotics 2026 (studentrobotics.org)
131. Using Sentry Logs to Debug a Dynamic Sampling Issue (blog.sentry.io)
132. Range Syntax for Style Queries (una.im)
133. Clean Up Bloated CQRS Handlers (codeopinion.com)
134. StyleX: A Styling Library for CSS at Scale (engineering.fb.com)
135. Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectors (www.ncsc.gov.uk)
136. Announcing .NET 10 (devblogs.microsoft.com)
137. .NET 10 - Release (github.com)
138. Designing for every learner in every classroom (www.raspberrypi.org)
139. October 2025 Baseline monthly digest (web.dev)
140. Cyber Action Toolkit: breaking down the barriers to resilience (www.ncsc.gov.uk)
141. Hire Me in Japan (overreacted.io)
142. Meta’s Generative Ads Model (GEM): The Central Brain Accelerating Ads Recommendation AI Innovation (engineering.fb.com)
143. Headings: Semantics, Fluidity, and Styling — Oh My! (css-tricks.com)
144. A closer look at Python Workflows, now in beta (blog.cloudflare.com)
145. Detecting AV1-encoded videos with Python (alexwlchan.net)
146. TISZA Világ - 198,520 breached accounts (haveibeenpwned.com)
147. DIY BYOIP: a new way to Bring Your Own IP prefixes to Cloudflare (blog.cloudflare.com)
148. Sourcing the stack for local government technology (technology.blog.gov.uk)
149. Explaining the Accessible Benefits of Using Semantic HTML Elements (css-tricks.com)
150. How AI shapes your feed: An explainable social media simulator for the classroom (www.raspberrypi.org)
151. Async QUIC and HTTP/3 made easy: tokio-quiche is now open-source (blog.cloudflare.com)
152. Extract audio from your videos with Cloudflare Stream (blog.cloudflare.com)
153. How I use AI to code (natemcmaster.com)
154. Synthient Credential Stuffing Threat Data - 1,957,476,021 breached accounts (haveibeenpwned.com)
155. Monitor and reduce your mobile app size with Size Analysis (Early Access) (blog.sentry.io)
156. How Workers VPC Services connects to your regional private networks from anywhere in the world (blog.cloudflare.com)
157. NCSC to retire Web Check and Mail Check (www.ncsc.gov.uk)
158. Celebrating the UK’s National Engineering Day 2025 (www.raspberrypi.org)
159. Publisher pages: New to the Chrome Web Store (developer.chrome.com)
160. 2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned (troyhunt.com)
161. Not so "mini"-dumps: How we found missing crashes on SteamOS (blog.sentry.io)
162. Supercharging the ML and AI Development Experience at Netflix (netflixtechblog.com)
163. Video Invisible Watermarking at Scale (engineering.fb.com)
164. Building a better testing experience for Workflows, our durable execution engine for multi-step applications (blog.cloudflare.com)
165. Celebrating young tech creators: Coolest Projects 2025 and what’s next in 2026 (www.raspberrypi.org)
166. External attack surface management (EASM) buyer's guide (www.ncsc.gov.uk)
167. Leading the Cloud With Curiosity : Spotlight on Pranav Nambiar, SVP, AI/ML & PaaS (www.digitalocean.com)
168. CyberSlop — meet the new threat actor, MIT and Safe Security (doublepulsar.com)
169. Defeating KASLR by Doing Nothing at All (googleprojectzero.blogspot.com)
170. The “Most Hated” CSS Feature: tan() (css-tricks.com)
171. Fresh insights from old data: corroborating reports of Turkmenistan IP unblocking and firewall testing (blog.cloudflare.com)
172. Weekly Update 476 (troyhunt.com)
173. FedCM updates: Display iframe domain (developer.chrome.com)
174. You Need To Become A Full Stack Person (den.dev)
175. Building Better Apps with GitHub Copilot Custom Agents (montemagno.com)
176. BGP zombies and excessive path hunting (blog.cloudflare.com)
177. Go and enhance your calm: demolishing an HTTP/2 interop problem (blog.cloudflare.com)
178. Beyond IP lists: a registry format for bots and agents (blog.cloudflare.com)
179. Wiz Cloud Security Championship September 2025 (skybound.link)
180. I’m writing another book! (ericlippert.com)
181. Anonymous credentials: rate-limiting bots and agents without compromising privacy (blog.cloudflare.com)
182. What should be included in a data science curriculum for schools? (www.raspberrypi.org)
183. New to the web platform in October (web.dev)
184. Getting Creative With Small Screens (css-tricks.com)
185. Double Dispatch in DDD (codeopinion.com)
186. How cybercriminals can hijack your contracts (www.namecheap.com)
187. Helping Startups Build Faster with an AI Startup Ecosystem (www.digitalocean.com)
188. Detect fallback positions with anchored container queries from Chrome 143 (developer.chrome.com)
189. Chrome 143 beta (developer.chrome.com)
190. Detect fallback positions with anchored container queries from Chrome 143 (una.im)
191. The new home for Blockly (www.raspberrypi.org)
192. EASM buyer's guide now available (www.ncsc.gov.uk)
193. Springs and Bounces in Native CSS (www.joshwcomeau.com)
194. Why can’t my iPhone play that video? (alexwlchan.net)
195. New in Chrome 142 (developer.chrome.com)
196. Wiz Cloud Security Championship August 2025 (skybound.link)
197. Pure CSS Tabs With Details, Grid, and Subgrid (css-tricks.com)
198. How We (Almost) Found Chromium's Bug via Crash Reports to Report URI (troyhunt.com)
199. The winners of the Baseline Tooling Hackathon are... (web.dev)
200. MyVidster (2025) - 3,864,364 breached accounts (haveibeenpwned.com)
201. AI Code Review: 30K Bugs Lighter, 50% faster (blog.sentry.io)
202. Post-Training Generative Recommenders with Advantage-Weighted Supervised Finetuning (netflixtechblog.com)
203. Weekly Update 475 (troyhunt.com)
204. Tackling credential theft as a small business (www.namecheap.com)
205. Play, pedagogy, and real-world impact: What we learned from the AI Quests webinars (www.raspberrypi.org)
206. CSS Animations That Leverage the Parent-Child Relationship (css-tricks.com)
207. Image and audio models from fal now available on DigitalOcean (www.digitalocean.com)
208. Microsoft builds on Recall with Gaming Copilot — fails basic privacy tests (doublepulsar.com)
209. An Introduction to JavaScript Expressions (css-tricks.com)
210. OAuth App Based Workload Identity for Droplets (www.digitalocean.com)
211. Authorization: Domain or Application Layer? (codeopinion.com)
212. Patch management is essential to securing your supply chain (www.namecheap.com)
213. Doing my own syntax highlighting (finally) (alexwlchan.net)
214. SR2026 Issue 01 (studentrobotics.org)
215. Inside the Synthient Threat Data (troyhunt.com)
216. Synthient Stealer Log Threat Data - 182,962,095 breached accounts (haveibeenpwned.com)
217. Cyber security is business survival (www.ncsc.gov.uk)
218. Behind the Streams: Real-Time Recommendations for Live Events Part 3 (netflixtechblog.com)
219. How to Fix Any Bug (overreacted.io)
220. Weekly Update 474 (troyhunt.com)
221. URLPattern is now Baseline Newly available (web.dev)
222. Unreal Engine crash reporting now available on gaming consoles with trace-connected logs (blog.sentry.io)
223. How and Why Netflix Built a Real-Time Distributed Graph: Part 1 — Ingesting and Processing Data… (netflixtechblog.com)
224. The engineer of the future: AI in digital and data (technology.blog.gov.uk)
225. Same-document view transitions have become Baseline Newly available (web.dev)
226. Prosper - 17,605,276 breached accounts (haveibeenpwned.com)
227. PowerToys 0.95 is here: new Light Switch utility, faster Command Palette, and Peek with Spacebar (devblogs.microsoft.com)
228. Hello Cake - 22,907 breached accounts (haveibeenpwned.com)
229. Free the internet (tails.net)
230. .NET 10 Release Candidate 2 (github.com)
231. CVE-2025-49844 - The Redis CVSS 10.0 vulnerability and how we responded (scotthelme.ghost.io)
232. There's a hole in my bucket (www.ncsc.gov.uk)
233. Tails 7.1 (tails.net)
234. Maintaining a sustainable strengthened cyber security posture (www.ncsc.gov.uk)
235. Phishing attacks: defending your organisation (www.ncsc.gov.uk)
236. I ran a Half Marathon (theorangeone.net)
237. Weekly Update 473 (troyhunt.com)
238. What's The Deal With GitHub Spec Kit (den.dev)
239. Vietnam Airlines - 7,316,915 breached accounts (haveibeenpwned.com)
240. Why it took 4 years to get a lock files specification (snarky.ca)
241. Python in Visual Studio Code – October 2025 Release (devblogs.microsoft.com)
242. Is DigitalOcean Your Next Career Spot? A 5-Year Insider on Why It Should Be (www.digitalocean.com)
243. Court Injunctions are the Thoughts and Prayers of Data Breach Response (troyhunt.com)
244. Improving browser tracing step by step (blog.sentry.io)
245. Getting your organisation ready for Windows 11 upgrade before Autumn 2025 (www.ncsc.gov.uk)
246. Strengthening national cyber resilience through observability and threat hunting (www.ncsc.gov.uk)
247. Vibe Coding: Closing The Feedback Loop With Traceability (blog.sentry.io)
248. Your API Errors Suck (Here’s How to Fix Them) (codeopinion.com)
249. Announcing GPU Droplets accelerated by NVIDIA HGX H100 in the EU (www.digitalocean.com)
250. RFC 9794: a new standard for post-quantum terminology (www.ncsc.gov.uk)
251. Creating a personal wrapper around yt-dlp (alexwlchan.net)
252. Adpost - 3,339,512 breached accounts (haveibeenpwned.com)
253. Introducing the DigitalOcean AI Ecosystem (www.digitalocean.com)
254. Red Hat Consulting breach puts over 5000 high profile enterprise customers at risk — in detail (doublepulsar.com)
255. Weekly Update 472 (troyhunt.com)