CISA added CVE-2026-31431 — nicknamed “Copy Fail” — to its Known Exploited Vulnerabilities catalog on May 1. Eight days later it’s still under-discussed for what it is: a 732-byte Python script that gets you root on every Linux box running …
Today’s CVE drop: a dozen vulnerabilities in vm2, the popular Node.js sandbox library, with three of them at CVSS 9.8 — full sandbox escape, arbitrary code execution on the host. CVE-2026-24118 leverages JavaScript’s __lookupGetter__ to break out. CVE-2026-24120 bypasses …
Apple shipped iOS 26.3 yesterday with 38 security fixes, one of which was the first actively exploited zero-day of 2026: CVE-2026-20700, a memory-corruption bug in dyld — Apple’s dynamic linker, the very piece of code that loads every other …
David Smith — the indie iOS/watchOS developer behind Pedometer++ — published a piece this week reflecting on a stretch of work that should make every product engineer pause: six years spent perfecting one feature, the maps view on Apple Watch. …
Microsoft quietly published lib0xc on GitHub this week — described in its own README as “a set of C standard library-adjacent APIs for safer systems programming.” It’s MIT-licensed, sits in the official Microsoft GitHub org, and reached the front page …
Yesterday afternoon, Semgrep’s research team disclosed that versions 2.6.2 and 2.6.3 of lightning — the PyPI distribution of PyTorch Lightning, the standard high-level training wrapper used by tens of thousands of ML projects — were trojaned. Anyone who ran pip …
Zed reached 1.0 yesterday — a milestone five years in the making. For an editor that’s been in heavy public beta since 2022, with hundreds of thousands of users already running it daily, the version number is symbolic rather than …
Mitchell Hashimoto — the original creator of Vagrant, Packer, Terraform, and now Ghostty, the modern terminal emulator that’s been getting a lot of attention since its 1.0 release last year — published a post on Monday saying Ghostty is leaving …
Late on Sunday, Bloomberg reported that Microsoft and OpenAI have ended their exclusive cloud-and-revenue-sharing arrangement — the deal that made Azure the de facto home for OpenAI’s models since 2019 and gave Microsoft a percentage of OpenAI’s revenue in return …
Every year a new IDE arrives and developers spend a weekend learning it. New JetBrains release, new VS Code competitor, new AI-powered editor whose pricing model will pivot in 18 months. There’s an alternative: pick a stack of well-aged Unix …