▸ GitHub confirmed that a single malicious VSCode extension exfiltrated source code and tokens from 3,800 repositories before being pulled.
▸ SpaceX filed its S-1 with the SEC, the first time outsiders get audited numbers instead of leaked decks.
▸ An OpenAI reasoning model produced a constructive counterexample to a long-standing conjecture in discrete geometry, not just a proof sketch.
▸ Bun's ongoing Rust rewrite has been flagged for failing basic Miri checks, meaning the codebase contains undefined behavior even in code marked as saf...
▸ GitLab announced a workforce reduction alongside the retirement of its CREDIT values — the six cultural pillars (Collaboration, Results, Efficiency, D...
▸ HashiCorp co-founder Mitchell Hashimoto claims entire companies are now operating under 'AI psychosis' — making irrational organizational decisions dr...
▸ Thomas Ptacek argues that modern software is converging on the Emacs pattern: extensible platforms that absorb adjacent functionality until they becom...
▸ MIT President Sally Kornbluth disclosed a 20% drop in incoming graduate students, driven by federal research funding cuts and an increasingly hostile ...
▸ Flipper Devices published the Flipper One tech specs — a Linux-based SBC with integrated WiFi monitor mode, Sub-GHz, NFC, and an FPGA, in a Game Boy f...
▸ Mozilla is removing SpiderMonkey's dedicated asm.js AOT compiler — the code that proved JS could be a compile target and birthed WebAssembly.
▸ A researcher found that many Mullvad VPN servers have small enough anonymity sets that exit IPs alone can re-identify returning users across sessions.
▸ Antirez, the creator of Redis, has published his first detailed look at DS4 — a new data structure server that rethinks the ideas Redis was built on.
▸ Timothy Gowers, Fields Medal winner, published a detailed evaluation of ChatGPT 5.5 Pro on research-level mathematical problems — drawing massive atte...
▸ Debian's debian-devel-announce post declares that all packages must be reproducible — elevating a decade-old 'should' to a hard 'must' for release inc...
▸ npm averages roughly one high-profile supply chain compromise per quarter — a cadence no other major package ecosystem matches.
▸ The U.S. Department of Justice issued legal demands to Apple and Google to identify over 100,000 users who downloaded a car ECU-tuning app, as part of...
▸ John Gruber argues that AI, like the internet before it, is a technology layer that enhances existing products — not a product category you sell direc...
▸ Hardware attestation on Android checks whether your OS is Google-approved, not whether it's actually secure — a fully-patched GrapheneOS device fails ...
▸ Security engineer Arkadiy Tetelman documented the full teardown process for removing the DCM (Data Communication Module) and GPS antenna from a 2024 R...
▸ Google Project Zero published a full 0-click exploit chain targeting the Pixel 10, requiring zero user interaction to achieve remote code execution.