News

1. Let’s talk about GitHub Actions (github.blog)
2. Post as Admin now available in GitHub Discussions (github.blog)
3. React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques (blog.cloudflare.com)
4. Repository dashboard: Find, search, and save queries in preview (github.blog)
5. OpenAI’s GPT-5.2 is now in public preview for GitHub Copilot (github.blog)
6. GitHub Availability Report: November 2025 (github.blog)
7. Celebrating the community: Irioluwa, Michelle, Jedidiah and Inioluwa (www.raspberrypi.org)
8. Vote for the web features you want to see (web.dev)
9. Let your Coding Agent debug your browser session with Chrome DevTools MCP (developer.chrome.com)
10. Cyber deception trials: what we’ve learned so far (www.ncsc.gov.uk)
11. A better way to monitor your AI agents in .NET apps (blog.sentry.io)
12. Tails 7.3.1 (tails.net)
13. Auto model selection is generally available in GitHub Copilot in Visual Studio Code (github.blog)
14. GitHub Spark: Improvements, DPA coverage, & dedicated SKU (github.blog)
15. GitHub Enterprise Server 3.19 is now generally available (github.blog)
16. Creating Scroll-Based Animations in Full view() (css-tricks.com)
17. Hard problems in social media archiving (alexwlchan.net)
18. The GitHub MCP Server adds support for tool-specific configuration, and more (github.blog)
19. Repository custom properties: GraphQL API and URL type (github.blog)
20. MCP joins the Linux Foundation: What this means for developers building the next era of AI tools and agents (github.blog)
21. Now Available: Remote MCP for DigitalOcean Services (www.digitalocean.com)
22. .NET and .NET Framework December 2025 servicing releases updates (devblogs.microsoft.com)
23. Implementing Cross-Platform In-App Billing in .NET MAUI Applications (devblogs.microsoft.com)
24. Speed is nothing without control: How to keep quality high in the AI era (github.blog)
25. npm classic tokens revoked, session-based auth and CLI token management now available (github.blog)
26. Dependabot-based dependency graphs for Go (github.blog)
27. CSS Wrapped 2025 (css-tricks.com)
28. Fit width text in 1 line of CSS (css-tricks.com)
29. November 2025 Baseline monthly digest (web.dev)
30. Signal API for passkeys available on Chrome for Android (developer.chrome.com)
31. Shifting left at enterprise scale: how we manage Cloudflare with Infrastructure as Code (blog.cloudflare.com)
32. Microsoft Learn MCP Server Elevates Development (devblogs.microsoft.com)
33. Aggregates in DDD: Model Rules, Not Relationships (codeopinion.com)
34. The new identity of a developer: What changes and what doesn’t in the AI era (github.blog)
35. .NET 10 Networking Improvements (devblogs.microsoft.com)
36. Sextortion emails: how to protect yourself (www.ncsc.gov.uk)
37. Shopping and paying safely online (www.ncsc.gov.uk)
38. How to recover an infected device (www.ncsc.gov.uk)
39. From User to Trusted Advisor: How Jeff Fan Powers Customer Success at DigitalOcean (www.digitalocean.com)
40. Mitigating malware and ransomware attacks (www.ncsc.gov.uk)
41. Recovering a hacked account (www.ncsc.gov.uk)
42. Early Years practitioners: using cyber security to protect your settings (www.ncsc.gov.uk)
43. Data breaches: guidance for individuals and families (www.ncsc.gov.uk)
44. How to spot scammers claiming to be from the NCSC (www.ncsc.gov.uk)
45. That Time I Tried Explaining HTML and CSS to My 5-Year Old Niece (css-tricks.com)
46. The Architecture Decision Record (ADR) Framework: making better technology decisions across the public sector (technology.blog.gov.uk)
47. Using IPsec to protect data (www.ncsc.gov.uk)
48. Prompt injection is not SQL injection (it may be worse) (www.ncsc.gov.uk)
49. Using TLS to protect data (www.ncsc.gov.uk)
50. A method to assess 'forgivable' vs 'unforgivable' vulnerabilities (www.ncsc.gov.uk)
51. The Internet forgets, but I don’t want to (alexwlchan.net)
52. Provisioning and managing certificates in the Web PKI (www.ncsc.gov.uk)
53. Updating our guidance on security certificates, TLS and IPsec (www.ncsc.gov.uk)
54. CSS Wrapped 2025 (developer.chrome.com)
55. Python Workers redux: fast cold starts, packages, and a uv-first workflow (blog.cloudflare.com)
56. Meet Web Vitals Performance Issues (blog.sentry.io)
57. CSS Wrapped: 2025! (una.im)
58. KinoKong - 817,808 breached accounts (haveibeenpwned.com)
59. DoTs SDK Development: Automating TypeScript Client Generation (www.digitalocean.com)
60. HTML Web Components Proposal From 1998 (css-tricks.com)
61. Cybersecurity industry overreacts to React vulnerability, starts panic, burns own house down again (doublepulsar.com)
62. What's new in DevTools, Chrome 143 (developer.chrome.com)
63. Winners of the Built-in AI Challenge 2025 (developer.chrome.com)
64. When square pixels aren’t square (alexwlchan.net)
65. Weekly Update 481 (troyhunt.com)
66. Cloudflare outage on December 5, 2025 (blog.cloudflare.com)
67. How to use GitHub Copilot Spaces to debug issues faster (github.blog)
68. AV1 — Now Powering 30% of Netflix Streaming (netflixtechblog.com)
69. .NET Conf 2025 Recap – Celebrating .NET 10, Visual Studio 2026, AI, Community, & More (devblogs.microsoft.com)
70. Evaluate your AI agents faster and more effectively (www.digitalocean.com)
71. Getting Creative With “The Measure” (css-tricks.com)
72. AI updates for all Sentry users (blog.sentry.io)
73. Why Does Have I Been Pwned Contain "Fake" Email Addresses? (troyhunt.com)
74. Introducing Data Ingestion Building Blocks (Preview) (devblogs.microsoft.com)
75. Your stack, your rules: Introducing custom agents in GitHub Copilot for observability, IaC, and security (github.blog)
76. Cloudflare WAF proactively protects against React vulnerability (blog.cloudflare.com)
77. Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets (blog.cloudflare.com)
78. Building trust in the digital age: a collaborative approach to content provenance technologies (www.ncsc.gov.uk)
79. Chrome 144 beta (developer.chrome.com)
80. Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182) (snyk.io)
81. Run AutoMCP To Supercharge Your AI Agent with Libraries MCP Servers (snyk.io)
82. Accelerating innovation with AWS: Snyk selected as an AWS Pattern Partner (snyk.io)
83. November 2025 Reading List (den.dev)
84. Small numbers of Notepad++ users reporting security woes (doublepulsar.com)
85. “The local-first rebellion”: How Home Assistant became the most important project in your house (github.blog)
86. Scrollytelling on Steroids With Scroll-State Queries (css-tricks.com)
87. What makes a responsible cyber actor: introducing the Pall Mall industry consultation on good practice (www.ncsc.gov.uk)
88. Announcing Baseline in action (web.dev)
89. New in Chrome 143 (developer.chrome.com)
90. Domain-Driven Design Misconceptions (codeopinion.com)
91. Cross-Platform Age Verification in .NET MAUI Applications (devblogs.microsoft.com)
92. Prevent a page from scrolling while a dialog is open (css-tricks.com)
93. How to orchestrate agents using mission control (github.blog)
94. Zilvia.net - 287,863 breached accounts (haveibeenpwned.com)
95. Weekly Update 480 (troyhunt.com)
96. Why Replicate is joining Cloudflare (blog.cloudflare.com)
97. When Speed Meets Security: Snyk Studio for Kiro (snyk.io)
98. Automatically Signing a Windows EXE with Azure Trusted Signing, dotnet sign, and GitHub Actions (hanselman.com)
99. Mypy 1.19 released (mypy-lang.org)
100. The ultimate gift guide for the developer in your life (github.blog)
101. It's time for all small businesses to act (www.ncsc.gov.uk)
102. NCSC handing over the baton of smart meter security: a decade of progress (www.ncsc.gov.uk)
103. China Software Developer Network - 6,414,990 breached accounts (haveibeenpwned.com)
104. .NET Day on Agentic Modernization Coming Soon (devblogs.microsoft.com)
105. Visual collaboration week: getting involved with the Digital Workplace community   (technology.blog.gov.uk)
106. New to the web platform in November (web.dev)
107. Digital Credentials API for credential issuance (developer.chrome.com)
108. Snyk Log Sniffer: AI-Powered Audit Log Insights for Security Leaders (snyk.io)
109. Dissecting The Halo 5 Spartan Rank Manifest (den.dev)
110. Streamline Your Workflow: Announcing Environment Support for DigitalOcean App Platform (www.digitalocean.com)
111. Brand New Layouts with CSS Subgrid (www.joshwcomeau.com)
112. How Ada Computer Science empowers students: Survey findings (www.raspberrypi.org)
113. WebGPU is now supported in major browsers (web.dev)
114. Partnering with Black Forest Labs to bring FLUX.2 [dev] to Workers AI (blog.cloudflare.com)
115. One Year Of Model Context Protocol Through A Core Maintainer Lens (den.dev)
116. Minimal APIs, CQRS, DDD… Or Just Use Controllers? (codeopinion.com)
117. On Inheriting and Sharing Property Values (css-tricks.com)
118. Get better visibility for the WAF with payload logging (blog.cloudflare.com)
119. Choosing a managed service provider (MSP) (www.ncsc.gov.uk)
120. <100ms E-commerce: Instant loads with Speculation Rules API (blog.sentry.io)
121. Eliminating N+1 Queries with Seer’s Automated Root Cause Analysis (blog.sentry.io)
122. What's New In The 2025-11-25 MCP Authorization Spec (den.dev)
123. CodeStepByStep - 103,077 breached accounts (haveibeenpwned.com)
124. Weekly Update 479 (troyhunt.com)
125. ADDA - 1,829,314 breached accounts (haveibeenpwned.com)
126. Should I rewrite the Python Launcher for Unix in Python? (snarky.ca)
127. Zoomer: Powering AI Performance at Meta’s Scale Through Intelligent Debugging and Optimization (engineering.fb.com)
128. Sketch: A guided tour of Copenhagen (css-tricks.com)
129. Powered by DigitalOcean Hatch: How Ex-human uses GPU Droplets to Build Empathetic AI that Serves Customers (www.digitalocean.com)
130. Hacktoberfest 2025 Comes to a Close (www.digitalocean.com)
131. Can you take an ox to Oxford? (alexwlchan.net)
132. tree-me: Because git worktrees shouldn’t be a chore (haacked.com)
133. What organisations can learn from the record breaking fine over Capita’s ransomware incident (doublepulsar.com)
134. International Kiteboarding Organization - 340,349 breached accounts (haveibeenpwned.com)
135. The varying strictness of TypedDict (snarky.ca)
136. Reinventing how .NET Builds and Ships (Again) (devblogs.microsoft.com)
137. Key Transparency Comes to Messenger (engineering.fb.com)
138. Should We Even Have :closed? (css-tricks.com)
139. Beckett Collectibles - 1,041,238 breached accounts (haveibeenpwned.com)
140. Eurofiber - 10,003 breached accounts (haveibeenpwned.com)
141. Vultr - 187,872 breached accounts (haveibeenpwned.com)
142. JavaScript SpeechSynthesis API (davidwalsh.name)
143. Seer can now trigger Cursor Agents to fix your bugs (blog.sentry.io)
144. Halo World Championship 2025 (den.dev)
145. Report URI - outage update (scotthelme.ghost.io)
146. Supercharge Your Test Coverage with GitHub Copilot Testing for .NET (devblogs.microsoft.com)
147. Integrity Policy - Monitoring and Enforcing the use of SRI (scotthelme.ghost.io)
148. PowerToys 0.96 is here: endpoints for Advanced Paste, metadata support for PowerRename and more! (devblogs.microsoft.com)
149. What's New in WebGPU (Chrome 143) (developer.chrome.com)
150. The metrics product we built worked — But we killed it and started over anyway (blog.sentry.io)
151. Efficient Optimization With Ax, an Open Platform for Adaptive Experimentation (engineering.fb.com)
152. Introducing Logs, User Feedback, and more in the Sentry Godot SDK (blog.sentry.io)
153. Code Club Conference 2025: Creativity, community, and collaboration in Cambridge (www.raspberrypi.org)
154. Changes to location permissions in Chrome on Windows (developer.chrome.com)
155. Announcing the Completion of the Core 2Africa System: Building the Future of Connectivity Together (engineering.fb.com)
156. Cloudflare outage on November 18, 2025 (blog.cloudflare.com)
157. Introducing webvitals.com: Find out what’s slowing down your site (blog.sentry.io)
158. Fix “This video format is not supported” on YouTube TV (davidwalsh.name)
159. Book early-access discount code (ericlippert.com)
160. Enhancing HDR on Instagram for iOS With Dolby Vision (engineering.fb.com)
161. Sentry has a bold new look (blog.sentry.io)
162. The “Most Hated” CSS Feature: asin(), acos(), atan() and atan2() (css-tricks.com)
163. Shaping the future of public sector technology with the new Enterprise Architecture team (technology.blog.gov.uk)
164. Replicate is joining Cloudflare (blog.cloudflare.com)
165. Cleaning up messy dates in JSON (alexwlchan.net)
166. The Dawn of the 10x Team (blog.sentry.io)
167. Support For CIMD For MCP In Visual Studio Code (den.dev)
168. Streaming Digits of Pi (swharden.com)
169. Weekly Update 478 (troyhunt.com)
170. Open Source Is Good for the Environment (engineering.fb.com)
171. Quiet UI Came and Went, Quiet as a Mouse (css-tricks.com)
172. Python in Visual Studio Code – November 2025 Release (devblogs.microsoft.com)
173. Debunking myths about space science with Astro Pi impact evidence (www.raspberrypi.org)
174. The Range Syntax Has Come to Container Style Queries and if() (css-tricks.com)
175. Finding the grain of sand in a heap of Salt (blog.cloudflare.com)
176. Operation Endgame 3.0 - 2,046,030 breached accounts (haveibeenpwned.com)
177. Tails 7.2 (tails.net)
178. GPU Observability: Get Deeper Insights into Your Droplets and DOKS Clusters (www.digitalocean.com)
179. Connecting to production: the architecture of remote bindings (blog.cloudflare.com)
180. Weekly Update 477 (troyhunt.com)
181. Teams React to Student Robotics 2026 (studentrobotics.org)
182. Using Sentry Logs to Debug a Dynamic Sampling Issue (blog.sentry.io)
183. Range Syntax for Style Queries (una.im)
184. Clean Up Bloated CQRS Handlers (codeopinion.com)
185. StyleX: A Styling Library for CSS at Scale (engineering.fb.com)
186. Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectors (www.ncsc.gov.uk)
187. .NET 10 - Release (github.com)
188. Designing for every learner in every classroom (www.raspberrypi.org)
189. October 2025 Baseline monthly digest (web.dev)
190. Cyber Action Toolkit: breaking down the barriers to resilience (www.ncsc.gov.uk)
191. Hire Me in Japan (overreacted.io)
192. Meta’s Generative Ads Model (GEM): The Central Brain Accelerating Ads Recommendation AI Innovation (engineering.fb.com)
193. Headings: Semantics, Fluidity, and Styling — Oh My! (css-tricks.com)
194. A closer look at Python Workflows, now in beta (blog.cloudflare.com)
195. Detecting AV1-encoded videos with Python (alexwlchan.net)
196. TISZA Világ - 198,520 breached accounts (haveibeenpwned.com)
197. DIY BYOIP: a new way to Bring Your Own IP prefixes to Cloudflare (blog.cloudflare.com)
198. Sourcing the stack for local government technology (technology.blog.gov.uk)
199. How AI shapes your feed: An explainable social media simulator for the classroom (www.raspberrypi.org)
200. Async QUIC and HTTP/3 made easy: tokio-quiche is now open-source (blog.cloudflare.com)
201. Extract audio from your videos with Cloudflare Stream (blog.cloudflare.com)
202. How I use AI to code (natemcmaster.com)
203. Synthient Credential Stuffing Threat Data - 1,957,476,021 breached accounts (haveibeenpwned.com)
204. Monitor and reduce your mobile app size with Size Analysis (Early Access) (blog.sentry.io)
205. How Workers VPC Services connects to your regional private networks from anywhere in the world (blog.cloudflare.com)
206. NCSC to retire Web Check and Mail Check (www.ncsc.gov.uk)
207. Celebrating the UK’s National Engineering Day 2025 (www.raspberrypi.org)
208. 2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned (troyhunt.com)
209. Not so "mini"-dumps: How we found missing crashes on SteamOS (blog.sentry.io)
210. Supercharging the ML and AI Development Experience at Netflix (netflixtechblog.com)
211. Video Invisible Watermarking at Scale (engineering.fb.com)
212. Building a better testing experience for Workflows, our durable execution engine for multi-step applications (blog.cloudflare.com)
213. Celebrating young tech creators: Coolest Projects 2025 and what’s next in 2026 (www.raspberrypi.org)
214. External attack surface management (EASM) buyer's guide (www.ncsc.gov.uk)
215. Leading the Cloud With Curiosity : Spotlight on Pranav Nambiar, SVP, AI/ML & PaaS (www.digitalocean.com)
216. CyberSlop — meet the new threat actor, MIT and Safe Security (doublepulsar.com)
217. Defeating KASLR by Doing Nothing at All (googleprojectzero.blogspot.com)
218. Fresh insights from old data: corroborating reports of Turkmenistan IP unblocking and firewall testing (blog.cloudflare.com)
219. Weekly Update 476 (troyhunt.com)
220. You Need To Become A Full Stack Person (den.dev)
221. Building Better Apps with GitHub Copilot Custom Agents (montemagno.com)
222. I’m writing another book! (ericlippert.com)
223. What should be included in a data science curriculum for schools? (www.raspberrypi.org)
224. New to the web platform in October (web.dev)
225. Double Dispatch in DDD (codeopinion.com)
226. How cybercriminals can hijack your contracts (www.namecheap.com)
227. Helping Startups Build Faster with an AI Startup Ecosystem (www.digitalocean.com)
228. Detect fallback positions with anchored container queries from Chrome 143 (una.im)
229. The new home for Blockly (www.raspberrypi.org)
230. EASM buyer's guide now available (www.ncsc.gov.uk)
231. Springs and Bounces in Native CSS (www.joshwcomeau.com)
232. Why can’t my iPhone play that video? (alexwlchan.net)
233. How We (Almost) Found Chromium's Bug via Crash Reports to Report URI (troyhunt.com)
234. The winners of the Baseline Tooling Hackathon are... (web.dev)
235. MyVidster (2025) - 3,864,364 breached accounts (haveibeenpwned.com)
236. AI Code Review: 30K Bugs Lighter, 50% faster (blog.sentry.io)
237. 2026 is the year of fine-tuned small models (seldo.com)
238. Post-Training Generative Recommenders with Advantage-Weighted Supervised Finetuning (netflixtechblog.com)
239. Weekly Update 475 (troyhunt.com)
240. Tackling credential theft as a small business (www.namecheap.com)
241. Image and audio models from fal now available on DigitalOcean (www.digitalocean.com)
242. Microsoft builds on Recall with Gaming Copilot — fails basic privacy tests (doublepulsar.com)
243. OAuth App Based Workload Identity for Droplets (www.digitalocean.com)
244. Authorization: Domain or Application Layer? (codeopinion.com)
245. Patch management is essential to securing your supply chain (www.namecheap.com)
246. Doing my own syntax highlighting (finally) (alexwlchan.net)
247. SR2026 Issue 01 (studentrobotics.org)
248. Inside the Synthient Threat Data (troyhunt.com)
249. Synthient Stealer Log Threat Data - 182,962,095 breached accounts (haveibeenpwned.com)
250. Cyber security is business survival (www.ncsc.gov.uk)
251. Behind the Streams: Real-Time Recommendations for Live Events Part 3 (netflixtechblog.com)
252. How to Fix Any Bug (overreacted.io)
253. Weekly Update 474 (troyhunt.com)
254. URLPattern is now Baseline Newly available (web.dev)
255. Unreal Engine crash reporting now available on gaming consoles with trace-connected logs (blog.sentry.io)
256. How and Why Netflix Built a Real-Time Distributed Graph: Part 1 — Ingesting and Processing Data… (netflixtechblog.com)
257. The engineer of the future: AI in digital and data (technology.blog.gov.uk)
258. Same-document view transitions have become Baseline Newly available (web.dev)
259. Prosper - 17,605,276 breached accounts (haveibeenpwned.com)
260. PowerToys 0.95 is here: new Light Switch utility, faster Command Palette, and Peek with Spacebar (devblogs.microsoft.com)
261. Hello Cake - 22,907 breached accounts (haveibeenpwned.com)
262. Free the internet (tails.net)
263. .NET 10 Release Candidate 2 (github.com)
264. CVE-2025-49844 - The Redis CVSS 10.0 vulnerability and how we responded (scotthelme.ghost.io)
265. There's a hole in my bucket (www.ncsc.gov.uk)
266. Tails 7.1 (tails.net)
267. Maintaining a sustainable strengthened cyber security posture (www.ncsc.gov.uk)
268. Phishing attacks: defending your organisation (www.ncsc.gov.uk)