VBAnimal

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you. The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads. The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate. Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.

Handling schema changes in Polars. Our latest blog post maps the four shapes of schema change (a new column appears, an expected one disappears, a type drifts, or one breaks) to the Polars solution that handles each, across CSV, multi-file Parquet, Delta Lake, and Apache Iceberg. Read the full breakdown here: https://t.co/JouEgqDbaS

🆕 Today, we're releasing the public preview of Workflows, the orchestration layer for enterprise AI. 🌎 Enterprise teams have capable models. What they don't have is a way to run them reliably in production. That's the gap Workflows fills. It takes AI-powered business processes from prototype to production, with the durability, observability, and fault tolerance that production actually requires. Leading organisations like ASML, ABANCA, CMA-CGM, France Travail, La Banque Postale, Moeve, and many others are already using Workflows to automate critical processes.

Google Stitch introduced a new concept: DESIGN . md Like README . md but for design systems. A plain markdown file that LLMs read to generate consistent UI. An awesome collection of DESIGN . md files inspired by developer-focused websites like Stripe, Vercel, Linear, Notion, Figma and more. Drop one into your project. Your AI coding agent builds the rest.

say hello to free-code claude code source code fully recompiled, telemetry stripped, security guardrails prompts stripped, all working experimental features enabled including ultraplan mode - a new async agentic planning mode where claude starts a multi-agent research session in the browser lasting between 10 and 30 minutes since i know there are gonna be DMCA strikes on this i've uploaded it on the blockchain on IPFS

Imaginez : vous tombez sur une page web suspecte, vous la soumettez à votre assistant IA pour vérifier si c'est safe. Il analyse le contenu, puis vous certifie que tout est clean. Sauf que le texte qu'il a lu dans le HTML et ce que votre navigateur affiche à l'écran n'ont strictement rien à voir. Des chercheurs en sécurité ont monté une attaque qui repose sur deux ingrédients : une font custom et un peu de CSS. Le tout sans JavaScript, sans exploit, sans faille. Et vous savez quoi ? Aucun assistant IA du marché n'a détecté la supercherie. https://t.co/TfWdsPZOL8