News

1. Growing the Cloudflare AI team with talent from Ensemble AI (blog.cloudflare.com)
2. The Instructure Canvas Breach (2026): How XSS in a Support Ticket Compromised 275 Million Students (scotthelme.ghost.io)
3. Weekly Update 508 (troyhunt.com)
4. Berkadia - 305,216 breached accounts (haveibeenpwned.com)
5. Infinite Campus - 137,123 breached accounts (haveibeenpwned.com)
6. The Government Just Banned an AI Model. An Engineer's Perspective. (snyk.io)
7. When a Government Pulls an AI Model: What the Fable 5 and Mythos 5 Suspension Means for Security Teams (snyk.io)
8. How we made GitHub Copilot CLI more selective about delegation (github.blog)
9. Copilot code review: New configurations and controls (github.blog)
10. GitHub Actions: Minimum version enforcement timeline for self-hosted runners (github.blog)
11. Scaling Security Insights: how we achieved a 10x increase in global scanning capacity (blog.cloudflare.com)
12. Better, faster, less wrong: Enhancing issue grouping (blog.sentry.io)
13. GitHub Enterprise Server 3.21 is now generally available (github.blog)
14. GitHub availability report: May 2026 (github.blog)
15. Bot-created pull requests can run workflows if approved (github.blog)
16. AI usage report updates (github.blog)
17. Copilot CLI: Configure everything from one place with /settings (github.blog)
18. New runner images in public preview (github.blog)
19. GitHub Agentic Workflows is now in public preview (github.blog)
20. Making secret scanning more trustworthy: Reducing false positives at scale (github.blog)
21. Agentic workflows no longer need a personal access token (github.blog)
22. Young people’s computer programs get data from space (www.raspberrypi.org)
23. Catch visual regressions with Snapshots, now in beta (blog.sentry.io)
24. List, view, and create discussions in GitHub CLI (github.blog)
25. University of Nottingham - 454,635 breached accounts (haveibeenpwned.com)
26. Join us for .NET Day on Agentic Modernization Livestream (devblogs.microsoft.com)
27. Give GitHub Copilot CLI real code intelligence with language servers (github.blog)
28. The Inference Alpha: Maximizing Frontier Models on AMD (www.digitalocean.com)
29. Solving the ‘God Object’ Problem with Shared Identity (codeopinion.com)
30. Route public traffic to private applications with Cloudflare (blog.cloudflare.com)
31. PowerToys 0.100 is here: new Shortcut Guide, Command Palette improvements and much more! (devblogs.microsoft.com)
32. Weekly Update 507 (troyhunt.com)
33. What We Learned Hiring 33 Engineers in Two Weeks (www.digitalocean.com)
34. .NET 11 Preview 5 (github.com)
35. .NET 11 Preview 5 is now available! (devblogs.microsoft.com)
36. .NET and .NET Framework June 2026 servicing releases updates (devblogs.microsoft.com)
37. From one-off prompts to workflows: How to use custom agents in GitHub Copilot CLI (github.blog)
38. Join the WebMCP origin trial (developer.chrome.com)
39. Defend against frontier cyber models: Cloudflare's architecture as customer zero (blog.cloudflare.com)
40. .NET at Microsoft Build 2026: Must watch sessions (devblogs.microsoft.com)
41. GitHub for Beginners: Answers to some common questions (github.blog)
42. Open-Sourcing dbsc-php: a Server Library for Device Bound Session Credentials in PHP (scotthelme.ghost.io)
43. Turning Cloudflare’s threat indicators into real-time WAF rules (blog.cloudflare.com)
44. Works on my machine: how we use AI to reproduce reported bugs (blog.sentry.io)
45. Using the Screen Capture API to record a browser window (alexwlchan.net)
46. Baker Distributing - 102,935 breached accounts (haveibeenpwned.com)
47. DBSC Beta at Report URI (scotthelme.ghost.io)
48. Your AI bill is out of control. Cloudflare can fix it now.  (blog.cloudflare.com)
49. Errors, traces, logs, metrics: when to reach for what (blog.sentry.io)
50. Using Pytester to test my Playwright fixtures (alexwlchan.net)
51. BCD Travel - 396,313 breached accounts (haveibeenpwned.com)
52. Firewalling Docker with nftables (theorangeone.net)
53. Model Evaluations: Prove Your Routing Policy Actually Works (www.digitalocean.com)
54. GitHub Universe is back: All together now, in the agentic era (github.blog)
55. VoidZero is joining Cloudflare (blog.cloudflare.com)
56. Software supply chain attacks: check your dependencies (www.ncsc.gov.uk)
57. Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp (snyk.io)
58. So You Have an AI Security Budget. Now what? (snyk.io)
59. Type Level Security: The future of secure AI code generation? (snyk.io)
60. Tails 7.8.1 (tails.net)
61. DentaQuest - 2,553,599 breached accounts (haveibeenpwned.com)
62. The Team Behind Deploy: Shipping AI, the DigitalOcean Way (www.digitalocean.com)
63. Powering the Inference Era: Inside the DigitalOcean Data & Learning Layer (www.digitalocean.com)
64. Lights Out, Systems On: Validating Instant Power Loss Readiness (engineering.fb.com)
65. Enforcing the First AS in BGP AS_PATHs (blog.cloudflare.com)
66. Support your young people with our AI literacy resources (www.raspberrypi.org)
67. Seamless PWA origin migration: Change domains without losing users (developer.chrome.com)
68. Chrome 150 beta (developer.chrome.com)
69. Welcoming the Philippine Government to Have I Been Pwned (troyhunt.com)
70. Dynamic Repartitioning for Time Series Workloads (netflixtechblog.com)
71. The New Security Risks of the Agentic Development Lifecycle (snyk.io)
72. Modular Monolith Boundaries Done Wrong (codeopinion.com)
73. Open by Design: How NVIDIA and DigitalOcean Are Building the Stack for the Always-On Agentic Era (www.digitalocean.com)
74. GitHub Copilot app: The agent-native desktop experience (github.blog)
75. Announcing Intelligent Terminal 0.1 (devblogs.microsoft.com)
76. Device Bound Session Credentials: Making Stolen Cookies Useless (scotthelme.ghost.io)
77. Building confidence to teach AI in the classroom (www.raspberrypi.org)
78. What's new in DevTools (Chrome 149) (developer.chrome.com)
79. New in Chrome 149 (developer.chrome.com)
80. Protestware by open source maintainer to hinder agentic coding: The jqwik 1.10.0 Prompt Injection (snyk.io)
81. The Inference Tax: How Prefix-Aware Routing Eliminates the Hidden Cost of LLMs at Scale (www.digitalocean.com)
82. DigitalOcean Serverless Inference: A Deep Dive (www.digitalocean.com)
83. How we reduced core unit boot time from hours to minutes (blog.cloudflare.com)
84. 1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever (troyhunt.com)
85. Edmunds - 177,860 breached accounts (haveibeenpwned.com)
86. Weekly Update 506 (troyhunt.com)
87. Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages (snyk.io)
88. Atlas Menu - 63,926 breached accounts (haveibeenpwned.com)
89. AI Disruptors: How the Next Generation of Business is Being Built (www.digitalocean.com)
90. High-Throughput Graph Abstraction at Netflix: Part I (netflixtechblog.com)
91. From Silos to Service Topology: Why Netflix Built a Real-Time Service Map (netflixtechblog.com)
92. Rendering a chat thread in CSS and JavaScript (alexwlchan.net)
93. New to the web platform in May (web.dev)
94. How Relay Network Adopted AI Coding Securely and Built the Foundation for Agentic Development (snyk.io)
95. Fix SCA issues at scale in your terminal with Snyk Remediation Agent in the CLI (snyk.io)
96. OpenCode Now Supports DigitalOcean Inference Router for Intelligent Model Routing (www.digitalocean.com)
97. Charter - 4,851,517 breached accounts (haveibeenpwned.com)
98. Still a developer. Just outside. Our latest GitHub Shop collection is here. (github.blog)
99. Microsoft’s stance on zero day exploits is a dumpster fire of their own making (doublepulsar.com)
100. How we built Cloudflare's data platform and an AI agent on top of it (blog.cloudflare.com)
101. Can AI support creativity? What educators can learn from creative machine learning (www.raspberrypi.org)
102. How we cut build times by two-thirds by deleting our CMS (blog.sentry.io)
103. Kemper - 269,299 breached accounts (haveibeenpwned.com)
104. Scalable, Cost-Efficient AI: Introducing Unified Batch Inference on DigitalOcean (www.digitalocean.com)
105. Iran's Internet is partially restored, Cloudflare Radar data shows (blog.cloudflare.com)
106. Stop Joining Tables In Your “Modular” Monolith (codeopinion.com)
107. Adopting open-source in local government  (technology.blog.gov.uk)
108. Designing secure access with ZTNA (www.ncsc.gov.uk)
109. Celebrating young tech creators at Coolest Projects Ireland 2026 (www.raspberrypi.org)
110. April 2026 Baseline monthly digest (web.dev)
111. Mytheresa - 84,108 breached accounts (haveibeenpwned.com)
112. Continuous Offensive Security: The Line We've Been Walking (snyk.io)
113. You don’t need to pick one: how Sentry and OpenTelemetry work together (blog.sentry.io)
114. Ameriprise - 502,597 breached accounts (haveibeenpwned.com)
115. Doing More with GitHub Copilot as a .NET Developer (devblogs.microsoft.com)
116. Give Your .NET MAUI Android Apps a Material 3 Makeover (devblogs.microsoft.com)
117. SilverTorch: Index as Model — A New Retrieval Paradigm for Recommendation Systems (engineering.fb.com)
118. Your agent can't fix what it can't see (blog.sentry.io)
119. CSS vs. JavaScript (www.joshwcomeau.com)
120. Build new features using built-in AI in Chrome (developer.chrome.com)
121. Welcoming the Bhutanese Government to Have I Been Pwned (troyhunt.com)
122. GitHub for Beginners: Getting started with Git and GitHub in VS Code (github.blog)
123. 7-Eleven - 185,256 breached accounts (haveibeenpwned.com)
124. Weekly Update 505 (troyhunt.com)
125. Laravel Lang Supply Chain Advisory (snyk.io)
126. Request-Based Autoscaling Is Now Generally Available on App Platform (www.digitalocean.com)
127. What's new in web extensions: I/O 2026 recap (developer.chrome.com)
128. Announcing Agent Governance Toolkit MCP Extensions for .NET (devblogs.microsoft.com)
129. Announcing Claude Compliance API support with Cloudflare CASB (blog.cloudflare.com)
130. Snyk announces Anthropic updates: Evo integrates with Claude Enterprise, and Snyk Desk comes to Claude Desktop (snyk.io)
131. Improving C# Memory Safety (devblogs.microsoft.com)
132. Passkeys, Permissions Policy and Bug Hunting in 1Password's WebAuthn Wrapper (scotthelme.ghost.io)
133. The product analytics you already have (blog.sentry.io)
134. New in Chrome at Google I/O 2026 (developer.chrome.com)
135. Modernize authentication with passkeys, digital credentials, and more (developer.chrome.com)
136. Securing The AI Revolution: How Snyk And Our Partners Are Scaling For The Future (snyk.io)
137. Dragonica Lunaris - 126,293 breached accounts (haveibeenpwned.com)
138. Windows93 / Myspace93 - 46,105 breached accounts (haveibeenpwned.com)
139. Tails 7.8 (tails.net)
140. Scaling Software Architecture Without Overengineering (codeopinion.com)
141. How We Built DigitalOcean Inference Router (www.digitalocean.com)
142. Open-Sourcing passkeys-php: A Security-Focused WebAuthn Library for PHP (scotthelme.ghost.io)
143. A Day in the Life of a Strategy Co-Op in Snyk’s Boston Office (snyk.io)
144. The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised (snyk.io)
145. Announcing Claude Managed Agents on Cloudflare (blog.cloudflare.com)
146. XSS Is Deadly for Passkeys: The Hidden Risk of Attestation None (scotthelme.ghost.io)
147. 15 updates from Google I/O 2026: Powering the agentic web with new capabilities, tools, and features in Chrome (developer.chrome.com)
148. CTT - 468,124 breached accounts (haveibeenpwned.com)
149. Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account (snyk.io)
150. Addi - 34,532,941 breached accounts (haveibeenpwned.com)
151. NuGet Package Pruning: Cleaner Dependencies and Actionable Vulnerability Reports (devblogs.microsoft.com)
152. Passkeys 101: An Introduction to Passkeys and How They Work (scotthelme.ghost.io)
153. Project Glasswing: what Mythos showed us (blog.cloudflare.com)
154. Weekly Update 504 (troyhunt.com)
155. Engineering Rigor in the AI Age: Building a Benchmark You Can Trust (eileencodes.com)
156. Anatomy of a WooCommerce Skimmer: A Technical Deep-Dive (scotthelme.ghost.io)
157. Thinking carefully before adopting agentic AI (www.ncsc.gov.uk)
158. Malicious node-ipc versions published to npm in suspected maintainer account compromise (snyk.io)
159. Our billing pipeline was suddenly slow. The culprit was a hidden bottleneck in ClickHouse (blog.cloudflare.com)
160. Beyond content: Helping teachers feel ready to teach AI (www.raspberrypi.org)
161. Start small, dream big with Code Club: Become an Incubator Partner (www.raspberrypi.org)
162. New ways to agentically build and edit dashboards (blog.sentry.io)
163. Waiting for website changes in the browser (alexwlchan.net)
164. Welcoming the Bahamian Government to Have I Been Pwned (troyhunt.com)
165. Abrigo - 711,099 breached accounts (haveibeenpwned.com)
166. PyCon US 2026 (devblogs.microsoft.com)
167. Process API Improvements in .NET 11 (devblogs.microsoft.com)
168. Your Model Doesn't Matter. Your Infrastructure Does. (www.digitalocean.com)
169. Reel Friends: Building Social Discovery that Scales to Billions (engineering.fb.com)
170. Browser Run: now running on Cloudflare Containers, it’s faster and more scalable (blog.cloudflare.com)
171. A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens (googleprojectzero.blogspot.com)
172. Canada Life - 237,810 breached accounts (haveibeenpwned.com)
173. .NET 11 Preview 4 (github.com)
174. Migrating Data Ingestion Systems at Meta Scale (engineering.fb.com)
175. Why Sagas Feel Broken (codeopinion.com)
176. When "idle" isn't idle: how a Linux kernel optimization became a QUIC bug (blog.cloudflare.com)
177. Cushman & Wakefield - 310,431 breached accounts (haveibeenpwned.com)
178. Tails 7.7.3 (tails.net)
179. Welcoming the Bangladesh Government to Have I Been Pwned (troyhunt.com)
180. Mypy 2.1 Released (mypy-lang.org)
181. Labyrinth 1.1: Making End-to-End Encrypted Backups Even More Reliable  (engineering.fb.com)
182. Under Attack: Responding to the Rise of Info-Stealer Threats (scotthelme.ghost.io)
183. AI is not neutral: What recent research says about bias, identity, and power (www.raspberrypi.org)
184. 10 questions to ask when using AI models to find vulnerabilities (www.ncsc.gov.uk)
185. From vibe code to production-ready: observability for Next.js and Supabase apps (blog.sentry.io)
186. Watching for file changes on macOS (alexwlchan.net)
187. TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack (snyk.io)
188. Welcoming the Costa Rican Government to Have I Been Pwned (troyhunt.com)
189. Weekly Update 503 (troyhunt.com)
190. My not-so-static new static website (theorangeone.net)
191. Scaling ArchUnit with Nebula ArchRules (netflixtechblog.com)
192. Monitor Unreal Engine Game Performance with Application Metrics (blog.sentry.io)
193. Debugging Event-Driven Systems: 5 Problems Teams Create (codeopinion.com)
194. Building for the future (blog.cloudflare.com)
195. How Cloudflare responded to the “Copy Fail” Linux vulnerability (blog.cloudflare.com)
196. Torchbox's new status page (theorangeone.net)
197. Fixing JavaScript observability, one library at a time (blog.sentry.io)
198. Mypy 2.0 Relased (mypy-lang.org)
199. When DNSSEC goes wrong: how we responded to the .de TLD outage (blog.cloudflare.com)
200. A day of big ideas at Coolest Projects USA Minnesota 2026 (www.raspberrypi.org)
201. Improved debugging for Expo apps with the React Native SDK (blog.sentry.io)
202. Weekly Update 502 (troyhunt.com)
203. Introducing Application Metrics: Track the signal, see the spike, jump to the trace (blog.sentry.io)
204. Powering the Inference Era: Inside the DigitalOcean AI-Native Cloud (www.digitalocean.com)
205. Democratizing Machine Learning at Netflix: Building the Model Lifecycle Graph (netflixtechblog.com)
206. Introducing Apache Arrow Support in mssql-python (devblogs.microsoft.com)
207. Tails 7.7.2 (tails.net)
208. Using Playwright to test my static sites (alexwlchan.net)
209. State of Routing in Model Serving (netflixtechblog.com)
210. The new Run dialog: faster, cleaner, and more capable (devblogs.microsoft.com)
211. How Meta Is Strengthening End-to-End Encrypted Backups (engineering.fb.com)
212. Preparing for a ‘vulnerability patch wave’ (www.ncsc.gov.uk)
213. Why localisation matters for AI literacy: Lessons from Uzbekistan (www.raspberrypi.org)
214. lightning PyPI Compromise: A Bun-Based Credential Stealer in Python (snyk.io)
215. Tails 7.7.1 (tails.net)
216. Building a basic cache with SQLite (alexwlchan.net)
217. Two commands to Sentry: now on Stripe Projects (blog.sentry.io)
218. Sentry's integration with Perforce is now generally available (blog.sentry.io)
219. Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478) (snyk.io)
220. "A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages (snyk.io)
221. Bridging the Gap to Autonomous Fixes: Snyk and Atlassian Unveil Intelligent Remediation for Jira (snyk.io)
222. Introducing DigitalOcean AI-Native Cloud for Production AI Workloads (www.digitalocean.com)
223. Scroll-Driven Animations (www.joshwcomeau.com)
224. PowerToys 0.99 is here: new monitor controls, easier window management, and Dock upgrades (devblogs.microsoft.com)
225. How we built the most performant DeepSeek V3.2, MiniMax-M2.5 and Qwen 3.5 397B on DigitalOcean Serverless Inference (www.digitalocean.com)
226. Introducing Seer Agent: The answer is already in Sentry. Now you can ask for it. (blog.sentry.io)
227. Weekly Update 501 (troyhunt.com)
228. Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers (snyk.io)
229. Python Environments Extension for VS Code- April Update (devblogs.microsoft.com)
230. Could your choice of metrics be harming your SOC? (www.ncsc.gov.uk)
231. Two years without cookies on the site, here's where we ended up (blog.sentry.io)
232. Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining (snyk.io)
233. Introducing the New Agentic Architecture for Snyk Agent Fix: Faster, Smarter, and More Secure (snyk.io)
234. DigitalOcean Dedicated Inference: A Technical Deep Dive (www.digitalocean.com)
235. Scaling Camera File Processing at Netflix (netflixtechblog.com)
236. HTTP GET requests with the Python standard library (alexwlchan.net)
237. New to the web platform in April (web.dev)
238. Beyond the Abyss Project Poseidon’s Quest for Zero-Downtime Reliability (www.digitalocean.com)
239. Microsoft Vibing — capturing screenshots and voice samples without governance (doublepulsar.com)
240. Defending against China-nexus covert networks of compromised devices (www.ncsc.gov.uk)
241. Passkeys are more secure than traditional ways to log in (www.ncsc.gov.uk)
242. NCSC: Leave passwords in the past - passkeys are the future (www.ncsc.gov.uk)
243. International cyber agencies share fresh advice to defend against China-linked covert networks (www.ncsc.gov.uk)
244. Supporting AI adoption for UK cyber defence (www.ncsc.gov.uk)
245. Executive Summary: Defending against China-nexus covert networks of compromised devices (www.ncsc.gov.uk)
246. From Incident Counting to SLIs: How DigitalOcean Rethought Availability (www.digitalocean.com)
247. When agents orchestrate agents, who's watching? (blog.sentry.io)
248. Hardcoding Security into Every Commit: The Future of Snyk Secrets (snyk.io)
249. JPMorgan Just Published a Cyber To-Do List and Snyk Covers 8 of the 10 Items. How do you stack up? (snyk.io)
250. Tails 7.7 (tails.net)
251. The LLM Inference Trilemma: Throughput, Latency, Cost (www.digitalocean.com)
252. Just Use Postgres as a Queue? (codeopinion.com)
253. Security considerations when using Passkeys on your website (scotthelme.ghost.io)
254. World-first NCSC-engineered device secures vulnerable display links (www.ncsc.gov.uk)
255. Weekly Update 500 (troyhunt.com)
256. Gymnasium Markt Indersdorf win Student Robotics Competition 2026! (studentrobotics.org)
257. Mastering the 600B+ Frontier: Optimizing Large Model Deployments on the Inference Cloud (www.digitalocean.com)
258. Modernizing the Facebook Groups Search to Unlock the Power of Community Knowledge (engineering.fb.com)
259. Cyber chief: UK faces "perfect storm" for cyber security (www.ncsc.gov.uk)
260. New cross domain guidance for government, industry and the wider security community (www.ncsc.gov.uk)
261. No more monkey-patching: Better observability with tracing channels (blog.sentry.io)
262. Thank You For Being a Friend (blog.codinghorror.com)
263. Preparing for severe cyber threat: why leaders must act now (www.ncsc.gov.uk)
264. The Inference Cloud Memory Layer: A Technical Dive into DigitalOcean Managed Databases (www.digitalocean.com)
265. The Human Infrastructure: How Netflix Built the Operations Layer Behind Live at Scale (netflixtechblog.com)
266. We’re piloting NDX:Try, a new platform to help local councils test digital services before they buy (technology.blog.gov.uk)
267. Strengthening cyber resilience across the NHS with collaboration and innovation (www.ncsc.gov.uk)