Free source code editor by Microsoft
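Topics discussed
Electric toothbrushes and dental care: Philips Sonicare electric toothbrush (official); An explanation of plaque disclosing (plaque-disclosing solution) (dental clinic example)
Music and live shows (overseas): my bloody valentine (official); my bloody valentine Japan tour information (SMASH); Primal Scream (official); "Live in Japan" (Wikipedia); SUMMER SONIC (official); The Strokes (official); An introduction to The Strokes! Why is the Summer Sonic 2026 headliner a legendary band?! - YouTube; L'Arc-en-Ciel (official); Jamiroquai (official); ASIAN KUNG-FU GENERATION (official); BUMP OF CHICKEN (official); Sakanaction (official)
AI and development tools (generative AI / agents / editors): Claude (Anthropic); Claude Code (official); Cowork (Claude / Research Preview); Getting started with Cowork (Claude Support); Claude Computer Use (documentation); OpenAI (official); OpenAI Operator (official); ChatGPT (official); Cursor (official); Visual Studio Code (official); Git (official); Google Gemini (official); My honey has turned white and solidified. Is it all right? (Ministry of Agriculture, Forestry and Fisheries); When honey turns white and solidifies: an effective hot-water-bath method (reference)
Anime (Precure / 100 Girlfriends): Meitantei Precure! (Toei official); Meitantei Precure! (ABC program official); Wonderful Precure! (Toei official); TV anime "The 100 Girlfriends Who Really, Really, Really, Really, Really Love You" (official)
Board games and Omocoro: Omocoro (official); Omocoro Channel (YouTube); BURG HAMBURG BURG Inc. (official); ARuFa (Wikipedia); Da Vinci Osorezan (Wikipedia); Harajuku (Omocoro writer page); Board Games Change Society (Kawade Shobo Shinsha); City Chase (Kawada official); [Please] Helicopters fly, cars run... let us play City Chase!! - YouTube; Nana (JELLY JELLY STORE); Nana (Game Market listing); "Nana" ← what is this board game, it's amazing!!! - YouTube; Recipe (Hopper Entertainment official); Captain Rhino (Sugorokuya); Nintendo Switch (Nintendo official); Nintendo Switch 2 (Nintendo official)
Speakers: tetuo41, sugaishun
About Yarukinai.fm. Support Yarukinai.fm.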
If you thought the internet was a dumpster fire before, the EU LAUNCHES SECOND INVESTIGATION INTO GROK because Musk's bot won't stop generating nonconsensual imagery. Meanwhile, META LARGELY FAILS TO PROTECT KIDS FROM AI CHATBOTS, proving that their internal safety checks are about as effective as a screen door on a submarine. If that doesn't creep you out, AFTER RING PRIVACY BACKLASH over police partnerships, a LEAKED EMAIL SUGGESTS RING PLANS TO EXPAND ‘SEARCH PARTY’ from finding lost dogs to total neighborhood surveillance. Of course, REDDIT, META, AND GOOGLE VOLUNTARILY GAVE DHS INFO on users critical of ICE, because why stand up for privacy when you can just comply?
In the news, we look at OPENCLAW, OPENAI AND THE FUTURE as the project's founder joins the Borg, even though META AND OTHER TECH FIRMS PUT RESTRICTIONS ON USE OF OPENCLAW because it's basically a security hole that can click your mouse for you. Peak stupidity has arrived with RFK JR'S NEW CHATBOT giving rectal dietary advice, while AI COMPANIES BOUGHT OUT ALL OF WESTERN DIGITAL'S HARD DRIVES through 2026, meaning you can't have storage because the bots need it more. Even VALVE ADMITS STEAM DECK AVAILABILITY IS AFFECTED by this memory hoarding. We also touch on STEVE BANNON SUED OVER MAGA CRYPTO SCHEME, LOS ANGELES COUNTY FILES LAWSUIT AGAINST ROBLOX for being a safety nightmare, and the fact that TESLA ROBOTAXIS REPORTEDLY CRASHING at four times the human rate. TESLA DODGES 30-DAY SUSPENSION by simply killing the word "Autopilot," while NEW YORK HITS THE BRAKES ON ROBOTAXI EXPANSION to keep the chaos at bay. Finally, POLYMARKET WITHDRAWS EXPLOSIVE ARTEMIS BETTING MARKET because betting on dead astronauts is too much even for them, leading the ETHEREUM CREATOR STARTING TO THINK THIS WHOLE PREDICTION MARKET THING MIGHT BE GAMBLING.
As NEVADA SUES KALSHI and Jack Dorsey oversees INSIDE THE ROLLING LAYOFFS AT JACK DORSEY'S BLOCK—using AI to summarize the misery of his employees—just remember: YOU'LL BE SORRY WHEN YOU HEAR WHAT JUSTIN BIEBER'S $1.3 MILLION BORED APE IS WORTH NOW. Hint: it's twelve grand.
In this week's MEDIA CANDY, we've got FREE BERT, KAT WILLIAMS: THE LAST REPORT, and the eternal return of SHREK. We're checking out MARK ROBER on Netflix, the return of MONARCH: LEGACY OF MONSTERS, and the trailer for GOOD LUCK, HAVE FUN, DON'T DIE. If you need a soundtrack for the apocalypse, Thomas Benjamin Wild Esq has you covered with STOP USING GENERATIVE A.I and the Gen-X anthem I'VE NO MORE F*S TO GIVE!.
Moving to APPS & DOODADS, OBSIDIAN TO NOTES is a $14 well spent, unlike CURSOR and VISUAL STUDIO CODE which are getting bogged down by slow models. APPLE'S AI PENDANT sounds like a watered-down Humane pin that relies on your phone to think, and APPLE PODCASTS AND VIDEO remains a pipe dream because bandwidth costs money. We've reached the point where THERE'S A GRIM NEW EXPRESSION: “AI;DR” for things not worth reading, and THERE'S A NEW TERM FOR WORKERS FREAKING OUT over being replaced—AIRD, or AI Replacement Dysfunction—which is basically the low-grade panic of being made obsolete by a machine that thinks bananas go in your bum.
AT THE LIBRARY, we're thumbing through CLEAVE THE SPARROW, THE REGICIDE REPORT by Charles Stross, and Robin Ince being NORMALLY WEIRD AND WEIRDLY NORMAL.
Then we descend into THE DARK SIDE WITH DAVE, where the Muppets are taking over with THE MUPPET SHOW and MUPPETS NOW. We catch the latest on THE MANDALORIAN AND GROGU and TOY STORY 5, while tracking the PENTAGON PIZZA INDEX to see if war is breaking out. For the kids, we look at a 3D PRINTER / ENTRY LEVEL FOR KIDS like the Bambu Lab A1, and for the nerds, A STAR WARS-CENTRIC RSS FEED and a NEAT IDEA FOR AN RSS READER, “CURRENT,” which lets news drift away like water under a bridge.
We wrap it all up with some HORROR IN UNDER TWO MINUTES and IMPECCABLE COVERS OF 80S SYNTH MUSIC, because at least the 80s had better soundtracks than this AI-generated nightmare.
Sponsors:
DeleteMe - Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/GOG and use promo code GOG at checkout.
SquareSpace - go to squarespace.com/GRUMPY for a free trial. And when you're ready to launch, use code GRUMPY to save 10% off your first purchase of a website or domain.
Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.
SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!
1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1password
Show notes at https://gog.show/734
FOLLOW UP: EU launches second investigation into Grok's nonconsensual image generation; Meta largely fails to protect kids from AI chatbots, per its own tests; After Ring privacy backlash, company abandons plans for police partnership; Leaked Email Suggests Ring Plans to Expand ‘Search Party’ Surveillance Beyond Dogs; Reddit, Meta, and Google Voluntarily Gave DHS Info of Anti-ICE Users, Report Says
IN THE NEWS: OpenClaw, OpenAI and the future; Meta and Other Tech Firms Put Restrictions on Use of OpenClaw Over Security Fears; RFK Jr's new chatbot advises the public on 'best foods to insert into rectum'; AI Companies Bought Out All of Western Digital's Hard Drives for 2026 Already; Valve admits Steam Deck availability is affected by memory and storage shortages; Steve Bannon sued over MAGA crypto scheme; Los Angeles County files lawsuit against Roblox over child protections; Tesla Robotaxis Reportedly Crashing at a Rate That's 4x Higher Than Humans; Tesla dodges 30-day suspension in California after removing Autopilot; New York hits the brakes on robotaxi expansion plan; Polymarket withdraws explosive Artemis betting market after backlash; Ethereum Creator Starting to Think This Whole Prediction Market Thing Might be Gambling; Nevada sues Kalshi for operating a sports gambling market without a license; Inside the Rolling Layoffs at Jack Dorsey's Block; You'll Be Sorry When You Hear What Justin Bieber's $1.3 Million Bored Ape Is Worth Now
MEDIA CANDY: Free Bert; Kat Williams: The Last Report; Shrek; Mark Rober; Monarch: Legacy of Monsters; GOOD LUCK, HAVE FUN, DON'T DIE | Official Trailer | February 13 - Only in Theaters; STOP USING GENERATIVE A.I (Original Song) by Thomas Benjamin Wild Esq; I've No More F*s To Give! by Thomas Benjamin Wild Esq
APPS & DOODADS: Obsidian to Notes; Cursor; Visual Studio Code; Apple's AI Pendant Sounds Like a Watered-Down Humane Ai Pin; There's a Grim New Expression: “AI;DR”; There's a New Term for Workers Freaking Out Over Being Replaced by AI
AT THE LIBRARY: Cleave the Sparrow by Jonathan Katz; The Regicide Report (Laundry Files Book 14) by Charles Stross; Normally Weird and Weirdly Normal: My Adventures in Neurodiversity by Robin Ince
THE DARK SIDE WITH DAVE: Dave Bittner; The CyberWire; Hacking Humans; Caveat; Control Loop; Only Malware in the Building; The Muppet Show; Muppets Now; The Mandalorian and Grogu | Official Trailer | In Theaters May 22; Toy Story 5 | Official Trailer | In Theaters June 19; Pentagon Pizza Index; Bambu Lab A1; A Star Wars-centric RSS feed; Current RSS Reader; Horror in under two minutes.; Impeccable covers of 80s synth music; Top Gun - Opening Theme (Synth Cover)
CLOSING SHOUT-OUTS: Green Eggs and Ham narrated by the Reverend Jesse Jackson
See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
Starkiller represents a significant escalation in phishing infrastructure. A blockchain lender breach affects nearly a million users. The Kimwolf botnet disrupts a peer-to-peer privacy network. Researchers identify vulnerabilities in widely used Visual Studio Code extensions. DEF CON bans three men named in the Epstein files. Texas sues TP-Link over supply chain security. Experts question the impact of cyber versus kinetic damage in Venezuela. African law enforcement arrest hundreds of suspected scammers. Tim Starks from CyberScoop explains CISA's upcoming town hall meetings over ICS reporting rules. Warsaw walls off Wi-Fi-wired wheels. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop discussing “CISA to host industry feedback sessions on cyber incident reporting regulation.” Selected Reading Starkiller: New ‘Commercial-Grade' Phishing Kit Bypasses MFA (Infosecurity Magazine) Nearly 1 Million User Records Compromised in Figure Data Breach (SecurityWeek) Kimwolf Botnet Swamps Anonymity Network I2P (Krebs on Security) Flaws in Popular IDE Extensions Allow Data Exfiltration (Infosecurity Magazine) DEF CON bans three Epstein-linked men from future events (The Register) Texas sues TP-Link over Chinese hacking risks, user deception (Bleeping Computer) The Caracas operation suggests cyber was part of the plan – just not the whole operation (CyberScoop) Police arrests 651 suspects in African cybercrime crackdown (Bleeping Computer) Nigerian man gets eight years in prison for hacking tax firms (Bleeping Computer) Poland bans camera-packing cars made in China from military bases (The Register) Share your feedback. What do you think about CyberWire Daily? 
Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In today's Cloud Wars Minute, I look at how Microsoft is helping developers build and scale AI agents safely inside Visual Studio Code.
Highlights
00:10 — The Microsoft Copilot Studio extension for Visual Studio Code is now generally available, providing developers with the ability to build and manage Copilot Studio agents directly within the IDE. This extension is designed for developers and integrates seamlessly into their workflows.
00:28 — It includes standard Git integration, request-based pull reviews, auditability, and is tailored to the VS Code UX. The new extension reflects the growing complexity of agents and equips developers with the same best practices they use for app development, including, as Microsoft puts it, source control, pull requests, change history, and repeatable deployments.
01:02 — This extension really benefits developers when they need to manage complex agents, collaborate with multiple stakeholders, and ensure that any changes made are done so safely. It's ideal for developers who prefer to build within their IDE while also having an AI assistant available to help them iterate more quickly and productively.
01:30 — The extension introduces important structural support for the development of AI agents. By integrating Copilot Studio directly into VS Code, Microsoft is empowering developers to build more efficiently, without compromising control, access to collaborators, or safety. This is a critical combination as AI agents become increasingly more powerful and complex.
02:00 — As these agents continue to evolve, they require the same stringent checks and balances as traditional software. Microsoft's Copilot Studio extension addresses this by giving developers the tools they need to scale agents responsibly while maintaining performance. Visit Cloud Wars for more.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.
Researchers at Trend Micro have uncovered continued activity from China-aligned threat actors leveraging a cross-platform JavaScript-based command-and-control framework known as "PeckBirdy".
Silent Push has identified an extensive phishing campaign targeting over 100 organizations, attributed to the threat actor group ShinyHunters.
A malicious Visual Studio Code extension impersonating an AI coding assistant for Moltbot has been discovered distributing malware via the official VS Code Extension Marketplace.
Dragos has attributed the December 2025 cyberattack on the Polish power grid to the Russian state-sponsored group known as ELECTRUM, with medium confidence.
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.
This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
In this episode of Investigando la Investigación I venture into more technical territory than usual to talk about artificial intelligence tools applied to programming and, above all, about the paradigm shift we are living through in the way software is developed. I begin by recalling how we used, and many of us still use, models such as ChatGPT for programming: asking for code fragments, copying them into an editor, running them, spotting errors and iterating again in a manual and relatively slow process. That approach is still useful, but it is starting to fall short compared with what is appearing now.
In recent months many tools have emerged that introduce so-called agent-based programming. We are no longer talking only about generating code, but about systems that analyze a request, break it down into tasks, orchestrate agents that work in parallel and decide how to implement a complete solution. I briefly mention some of these tools, but the focus of the episode is on Cursor, which as of today seems to me one of the most complete options. Cursor is, in essence, a fork of Visual Studio Code that integrates this approach and lets you work with real projects, with multiple files, complex relationships and direct execution of the generated code.
One of the key points of the episode is understanding Cursor's different working modes. On the one hand there is ask mode, designed for discussing ideas and requirements without generating code. Then there is plan mode, where the system translates those ideas into a detailed implementation plan that should be reviewed calmly and never accepted at the first attempt. From there we move into agent or build mode, where the tool deploys one or more agents that implement the plan, often in parallel. 
Finally, debug mode introduces a very interesting approach based on the systematic generation and testing of hypotheses to locate errors, in a much more transparent way than previous methods.
I also talk about important practical aspects, such as the ability to choose different language models depending on the task, the need to keep tight control over the permissions we give to agents, and the critical importance of versioning code so that you can roll back when an iteration breaks something that previously worked. I also devote part of the episode to explaining the context and memory limitations of these systems and how to manage long sessions to avoid subtle errors.
To close, I offer a more general reflection: the programmer's role is shifting toward one closer to that of a project manager. Less and less do we write code line by line, and more and more we design plans, supervise agents and validate results. In this new scenario, the truly critical work becomes designing good plans and, above all, solid and reliable tests, which become the real contract of the system. Everything suggests that this change has only just begun.
If you found this episode interesting, I would be very grateful if, on the platform where you are listening, you gave it a like, marked it as a favorite or subscribed to the podcast. It is a very simple gesture, but it helps enormously for Investigando la Investigación to grow and reach more people every day.
PS: Related episodes: 234, 240, 309, 340, 341, 378
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.
North Korean threat actors are targeting macOS software developers in a new malware campaign that abuses Visual Studio Code (VS Code) configurations to deliver JavaScript-based backdoors, according to research from Jamf.
Sinkholes are usually seen as the end of a malicious campaign - the point where domains are seized and abuse stops.
China's pen-testing and red-team ecosystem has always been hard to observe, especially since many teams stopped participating in international CTFs post-2018.
A critical zero-day vulnerability, CVE-2025-64155, has been discovered in Fortinet's FortiSIEM platform by Horizon3.ai, allowing unauthenticated remote code execution and privilege escalation to root.
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.
This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Automatic Script Execution In Visual Studio Code Visual Studio Code will read configuration files within the source code that may lead to code execution. https://isc.sans.edu/diary/Automatic%20Script%20Execution%20In%20Visual%20Studio%20Code/32644 Cisco Unified Communications Products Remote Code Execution Vulnerability A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b Zoom Vulnerability A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to execute remote code on the MMR via network access. https://www.zoom.com/en/trust/security-bulletin/zsb-26001/ Possible new SSO Exploit (CVE-2025-59718) on 7.4.9 https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/ SANS SOC Survey The 2026 SOC Survey is open, and we need your input to create a meaningful report. Please share your experience so we can advocate for what actually works in the trenches. https://survey.sans.org/jfe/form/SV_3ViqWZgWnfQAzkO?is=socsurveystormcenter
Unsecured Flock Safety Condor cameras were found livestreaming on the internet without passwords or encryption. The flaw exposed at least 60 cameras, allowing public access to feeds, downloads, and administrative controls. The researchers who disclosed the vulnerability reported facing police surveillance and job loss following what they termed their "responsible security research."
The Federal Trade Commission (FTC) has finalized an order requiring General Motors and its OnStar service to obtain "clear, affirmative consent" from consumers before sharing sensitive driving and location data. The mandate grants consumers expanded rights to access, delete, and control the use of their personal information generated by connected vehicles.
Homeland Security Investigations (HSI) has acquired a device potentially linked to "Havana Syndrome" using funding provided by the Department of Defense. Reportedly portable enough to fit in a backpack, the device is said to produce pulsed radio waves. A primary national security concern is that if the technology is viable, it may have proliferated, giving other nations access to a potentially harmful weapon.
The "GhostPoster" malware campaign has re-emerged, leveraging malicious browser extensions installed by hundreds of thousands of users. The malware conceals its malicious code within image files and can activate after long delays. Its primary threats include injecting scripts into web pages, tracking user activity, and weakening browser security settings.
A newly discovered malware framework named "VoidLink" shows strong evidence of being generated with AI assistance. Designed to target Linux cloud servers and container environments, VoidLink features a sophisticated modular design with rootkit capabilities. 
Analysis suggests the framework was generated to a functional state in about a week using an AI assistant, highlighting how AI is accelerating the creation of advanced malware.
A malware campaign is deploying "Evelyn Stealer" through malicious Visual Studio Code extensions. The attack injects the stealer into a legitimate Windows process, grpconv.exe, to evade detection. The malware also tricks browsers into running in hidden contexts to avoid detection during credential harvesting. It is designed to exfiltrate developer credentials, browser cookies, and cryptocurrency wallets.
The European Commission has proposed new mandatory cybersecurity legislation aimed at removing high-risk technology suppliers, such as Chinese firms Huawei and ZTE, from the EU's critical telecommunications and ICT infrastructure. This policy, which builds on frustrations with the EU's voluntary 5G Security Toolbox, shifts from voluntary guidelines to binding rules empowering the EU to restrict equipment based on national security risks.
Italy's influential data privacy authority, the "Garante," is the subject of a corruption investigation. Prosecutors are examining allegations of excessive spending and possible corruption involving the agency's president, Pasquale Stanzione, and three other board members. The Garante is one of the EU's most proactive regulators against major technology firms.
A recent security update for Windows 11 23H2 has introduced a bug preventing some PCs from shutting down or hibernating. Microsoft has linked the issue to its "Secure Launch" security feature. The company's official workaround is to use the command-prompt command shutdown /s /t 0 to force the machine to power down while a permanent fix is developed.
DOGE staff face scrutiny over possible Hatch Act violations. GitLab fixes a serious 2FA bypass. North Korean hackers target macOS developers through Visual Studio Code. Researchers say the VoidLink malware may be largely AI-built. MITRE rolls out a new embedded systems threat matrix. Oracle drops a massive patch update. Minnesota DHS reports a breach affecting 300,000 people. Germany looks to Israel for cyber defense lessons. A major illicit marketplace goes dark. Our guest is Ashley Jess, Senior Intelligence Analyst from Intel 471, with a “crash course” on underground cyber markets. And auditors emerge as an unlikely line of cyber defense. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have Ashley Jess, Senior Intelligence Analyst from Intel 471, sharing a “crash course” on underground cyber markets and emerging trends. Selected Reading Trump administration concedes DOGE team may have misused Social Security data (POLITICO) GitLab warns of high-severity 2FA bypass, denial-of-service flaws (Bleeping Computer) North Korean Hackers Target macOS Developers via Malicious VS Code Projects (SecurityWeek) Voidlink Linux Malware Was Built Using an AI Agent, Researchers Reveal (Infosecurity Magazine) MITRE Launches New Security Framework for Embedded Systems (SecurityWeek) Oracle's First 2026 CPU Delivers 337 New Security Patches (SecurityWeek) Minnesota Agency Notifies 304,000 of Vendor Breach (GovInfo Security) Germany and Israel Pledge Cybersecurity Alliance (BankInfo Security) $12B Scam Market Tudou Guarantee Shuts Down (GovInfo Security) Research reveals a surprising line of defence against cyber attacks: accountants (The Conversation) Share your feedback. What do you think about CyberWire Daily? 
EP 275
This week, we update you on an "oops" that might have had you in its line of sight.
Security researchers uncovered a major exposure of Flock Safety's facial-tracking cameras openly livestreaming to the internet, prompting police visits and swift industry backlash.
The FTC has finalized a landmark order requiring General Motors and OnStar to secure explicit consumer consent before monetizing sensitive driving and location data.
The Pentagon quietly acquired a portable pulsed-radio-wave device, containing Russian components, that investigators believe may be connected to the long-mysterious Havana Syndrome incidents.
A sophisticated malware operation has re-emerged, hiding persistent code inside seemingly benign browser extensions to silently track and compromise hundreds of thousands of users.
Researchers have uncovered VoidLink, a highly modular Linux cloud malware framework whose code quality and development speed strongly indicate heavy AI-assisted creation.
A new stealer campaign is targeting developers by delivering Evelyn Stealer through malicious Visual Studio Code extensions, harvesting credentials, crypto wallets, and more.
The European Commission has proposed mandatory rules to exclude high-risk foreign vendors from critical telecom and ICT infrastructure, signaling a major shift toward fortified digital supply-chain security.
Italy's aggressive data-protection authority, the Garante, faces a high-profile corruption and embezzlement investigation that threatens the credibility of one of Europe's most active tech regulators.
Microsoft's latest security update has introduced an unexpected bug that prevents some Windows 11 systems from shutting down or hibernating when Secure Launch is enabled.
Oops, they did it again…
Visual Studio Code has become one of the most influential tools in modern software development. The open-source code editor has evolved into a platform used by millions of developers around the world, and it has reshaped expectations for what a modern development environment can be through its intuitive UX, rich extension marketplace, and deep integration The post VS Code and Agentic Development with Kai Maetzel appeared first on Software Engineering Daily.
Today we return to a topic that fascinated our readers: the promise of a tenfold productivity boost for developers thanks to generative artificial intelligence.
Imagine for a moment that you had an assistant capable of getting through weeks of technical coding work in a few hours, leaving you time to enjoy the holiday festivities.
That is exactly the experiment one of our experts tried with Codex, OpenAI's programming AI.
Complete rewrite of the HTML and CSS code
Let's get to the heart of the matter. The experiment relies on Codex integrated directly into the Visual Studio Code development environment, all accessible through the ChatGPT Plus subscription at twenty dollars a month. The aim was to see whether this consumer plan could compete with far more expensive professional tools.
In practice, our tester entrusted the AI with varied and sometimes tedious tasks, such as completely rewriting the HTML and CSS code of a home page, debugging a mailing list in JavaScript, or building a complex interface engine.
The immediate result is astonishing. The AI made it possible to delegate repetitive tasks, notably the CSS that many developers dread, with formidable efficiency, provided it is guided step by step, section by section.
24 days of manual work in only 12 hours of cumulative AI use
This is where the numbers become dizzying.
In terms of raw output, our expert estimates that he multiplied his productivity by sixteen.
Brace yourself. He accomplished the equivalent of twenty-four days of manual work in only twelve hours of cumulative AI use.
The first dose is always free!
However, there is a flip side, and it is a big one. 
The twenty-dollar subscription is akin to a teaser offer, or even a free first dose.
After a day of intensive use, the user ran into invisible walls. First a suspension of 33 minutes, then of 90 minutes, and finally a complete block of more than five days.
Without prior warning, the tool thus cuts the ground from under your feet, sometimes in the middle of a line of code, leaving you the choice between waiting a week or paying up for the professional subscription at 200 dollars.
This experience shows that the business model of coding assistants is moving toward strong segmentation. If you lead a technical team, be aware that the consumer "Plus" versions are insufficient for intensive use.
Le ZD Tech is on all podcast platforms! Subscribe!
Hosted by Ausha. Visit ausha.co/politique-de-confidentialite for more information.
✏️ Subscribe https://youtu.be/XIdaiNJqp_A
WordPress, artificial intelligence and automation no longer go separately. In this episode we talk about how to move from the "plugin for everything" to an approach where structure rules and AI does the mechanical work: what's new in JetEngine with MCP Server, important changes in Bricks (Core Framework), a surprisingly complete staging setup with InstaWP, and practical reflections on structured content, prompts, GPTs and publishing workflows.
Course news and tools that change the board (JetEngine, Bricks, Core Framework)
Yannick is making progress on his course (already close to 30 lessons) and we discuss a recurring pattern: while you create content, the tools change and you have to reorder the syllabus on the fly.
JetEngine: Command Center + MCP Server (AI connected to your WordPress)
JetEngine has released two pieces that deserve attention: Command Center: a chat-style interface inside the dashboard for creating CPTs, taxonomies, listings, etc., using AI and context from the site itself. MCP Server: the important one. You enable the MCP server in the JetEngine settings and it gives you an endpoint with a list of capabilities ("I can create CPTs, taxonomies, queries, listings, glossaries…"). The key idea: it is no longer "ask a generic AI", but connecting your AI (Claude, VS Code, etc.) to the site's real actions.
Bricks: built-in Core Framework (and how it affects your stack)
Another new development: Bricks has integrated its own Core Framework. That changes typical decisions: Core Framework still makes sense if you work with Gutenberg and want a class system. But Bricks + an external Core Framework starts to lose its point if Bricks already ships its own. Practical conclusion: rather than memorizing "the Core Framework lesson", what matters is keeping the concept: having a coherent, reusable system, not "adding classes on the fly". 
Useful plugin for broken links: Wayback Machine Link Fixer (Internet Archive) We found a curious and practical plugin: Internet Archive Wayback Machine Link Fixer. What it does: it scans for broken links and, if a copy exists in the Wayback Machine, replaces the link with the archived version. It's one of those things you don't use every day, but as a "toolbox tool" it makes sense if you care about: keeping content alive over time, avoiding dead resources, and improving experience/SEO in old articles with broken external links. Real staging in WordPress: a test with InstaWP (without copying everything) Here is the big tools topic: staging. I tried InstaWP's staging with a client and it surprised me. What matters is not just that it "creates a staging", but that it lets you do it selectively and with synchronization. How InstaWP staging works (the part that is worth it) Key points of the flow: You connect InstaWP to your site. If your installation exceeds a certain size (e.g. >500MB), it may require a paid plan (an approximate range is mentioned in the episode). It gives you presets such as: full, without the media folder, custom. The best of custom mode: you can exclude folders (logs, caches, backups, videos, etc.), you can select database tables, you can sort by size to spot "the big beasts", you can give the staging a decent name (so you don't end up with impossible subdomains). The differentiating part: bidirectional synchronization with a "change record" This is what caught my attention most: it's not just staging → production. You enable a change record and then you can sync changes in both directions: bring production changes to staging, publish staging changes to production. And you can also choose which staging you send changes to if you have several. 
Typical use case where this shines: a client with WooCommerce or a live store (orders come in while you are changing things), big changes on one side and "hotfixes" on the other, avoiding copying 5GB of media just to test some CSS. Important note: if you use plugins that create odd tables or non-standard structures, the synchronization may not cover everything. You have to test it with the real stack. MCP Server in JetEngine: AI creating CPTs, queries and glossaries from VS Code Here we bring "AI + WordPress" down to earth with a concrete example: JetEngine MCP connected from Visual Studio Code. What "MCP" is as applied to WordPress (in plain terms) In practice: your WordPress exposes an endpoint saying "I can perform these actions". Your client (VS Code/Claude/whatever you use) connects and the AI doesn't just answer with text, it also executes actions: create CPTs, create taxonomies, create Custom Content Types, create meta boxes/fields, create listings, create queries, create glossaries, adjust settings. Practical examples from the episode "Create a bottles CPT with price and capacity fields" → done. "Create a query of the 5 items with the highest price" → done. "Create a glossary with the countries of Africa" → done. The powerful point: this is not "the AI making things up", it's the AI operating your real tool. And the wildest example: from a screenshot of a diagram (content type structure) the AI generates the project structure: CPTs, fields, settings… almost everything. The idea not to forget: AI does not design the architecture for you Here we said it clearly: the hard part is not "creating 12 CPTs", the hard part is designing the structure well. Analogy: you are the architect, the AI is the bricklayer. If the plan is good, the AI speeds things up a lot. If the plan is bad, you go fast… toward the wrong place. Long prompts, Projects and GPTs: when to use each (without overcomplicating) We returned to a recurring topic: how to work with ChatGPT/AI efficiently without going crazy creating 30 different bots. 
Practical rule that came out of the episode If the task is complex, with many rules and exceptions → better a custom GPT (or equivalent system). If the task is repetitive and simple → better a saved prompt (for example in a text expander) that you can paste into any chat. Projects vs GPTs vs prompts Projects: useful if you are going to upload many files and keep context alive. Custom GPTs: useful if you want "an assistant with rules" for a complex task. Saved prompts: the most flexible if you want to reuse them in any tool (ChatGPT, Whisper, etc.). A real problem we discussed: sometimes projects don't "remember" as well as you expect, or the AI makes things up even though they are in the project. Conclusion: you have to assume that guiding and validating is still necessary. Text expansion: the simple trick that saves hours Elías has used text expansion for years (shortcuts like ;social) to paste prompts anywhere. Advantage: you don't depend on the tool letting you "save prompts". Structured content vs the WordPress editor: fewer blocks, more system Yannick shared an important reflection: he uses the editor's classic "content" for layout less and less. Why avoid "designing inside the content" Typical problems: the client starts "designing" (without knowing how) with blocks, colors, columns… the content ends up mixed with the design, changing the design/theme means redoing content, the strategy breaks: nothing forces anyone to follow the planned structure. Recommended approach: clean content + custom fields The idea: a list is a list (data), you decide the design with templates/listings, and the content stays clean in the database. This doesn't mean "never use content". Example that came up: for a general description, it can make sense. But the repetitive and structured material (CPTs, record pages, products, services, properties, sporting events…) should go into custom fields. 
Typical example: in a property listing: rooms, meters, elevator, etc. → fields. Free-form description → can go in content, with control. New Google tool: Code Wiki (dynamic documentation with AI) A new Google website was mentioned: Code Wiki (AI-generated repository/documentation about technologies). Example: searching for WordPress showed something like "WordPress Coding Standards". The useful idea: having a "summarized" and visual reference (diagrams, explanations) built from repositories or standards, as quick support. Real cases: repositioning the website toward automation + publications + the Picon Castro project The final part of the episode was very "real life". Reorganizing projects and positioning (automation + WordPress) Elías is reworking his website so that it is quickly understood: "this guy does automation". Concrete actions: logo change (neutral, without "WordPress expert"), reorganize projects into two blocks: featured at the top (now automation), non-featured at the bottom (more legacy WordPress), rename projects: instead of "name of the website", "name of the automation". Publishing on LinkedIn to gain authority was also discussed, with real examples (not theory). Practical example: importing 215 customers and generating orders/deliveries Case: a company sends an Excel file with 215 customers for gift baskets. Flow: import CSV/Excel, automate the creation of addresses, order lines, notes, adjust with a test order, leave it running. This is the kind of example that positions you well because it is concrete and easy to understand. 
Automations "with or inside WordPress" (answer to Fernando) Yes, you can automate a great deal around WordPress: publish a post and distribute it to social networks (with AI generating different excerpts per network), WooCommerce → add contacts to Google Contacts, trigger WhatsApp, etc., memberships → sync payment with role and access in Discord, migrate content from Substack to WordPress cleaning up formatting and adding categories/tags, email and marketing sequences connected to WordPress events. Central tool mentioned: Make as the "toolbox" for automation. Picon Castro project: design changes and "old edition" logic A real project with changes was discussed: the hero goes from photos to video (optimized, with WebP/efficient formats, poster, lazy loading), use of "details"-type blocks for tabs/accordions with CSS, logic: if the latest edition has already passed, show a notice "you are viewing an old edition" until there is a new edition, registration links in the edition's custom fields. A curious case was also discussed: sponsors with different sizes and ordering: initially random, then "featured" with a checkbox, then "gold/silver/bronze" with fixed order + the rest random. Conclusion: when you have control (in the builder or in code), you respond better to client changes without breaking anything. Conclusion: AI accelerates, but structure is the real advantage If you take away one idea from the episode, let it be this: AI (MCP, JetEngine, models, etc.) can automate the mechanical part. The value lies in designing the architecture: content types, fields, flows, synchronizations and rules. And in WordPress, that translates into less "laying out in the content" and more structured content, serious staging (when needed) and automation connected to the business. 
If you too are noticing that you are moving from "plugins" to "prompts", or that you use fields/structure more and more than blocks, leave your real case out there: what you automated, which tool saved you, or which part is giving you trouble. Frequently asked questions about WordPress, AI and automation What is MCP and what is it for in WordPress? MCP (Model Context Protocol) lets an AI connect to a system (such as JetEngine) and execute real actions: create CPTs, taxonomies, queries, listings or glossaries from a client such as VS Code. Does JetEngine already let you "create structure with AI" reliably? Yes for the mechanical part (CPTs, fields, queries). But you need to design the structure well beforehand: AI speeds up execution, it does not replace architecture. Is InstaWP worth it for staging with real clients? In projects where you need control (live stores, frequent changes, large installations) it can be well worth it, above all for selective staging and bidirectional synchronization. When to use a custom GPT vs a saved prompt? Custom GPT when there are complex rules and many constraints. Saved prompt when the task is repetitive and you want to reuse it in any tool without depending on "projects" or GPTs. Can WordPress be automated without touching code? Yes, with tools like Make you can automate publishing, WooCommerce, memberships, synchronizations with contacts/Discord/email, and add AI to generate text, classify content or enrich flows.
Hello and welcome to Episode 604 of Linux in the Ham Shack. In this deep dive episode, the hosts talk about the Visual Studio Code development environment, including its open …
Join us as James and Frank delve into the fascinating world of AI-driven UI design with Gemini 3.0, exploring its creative capabilities and potential to revolutionize aesthetics. Discover the latest AI model advancements, including GPT-5.1 and Codex, and gain insights into real-time trace debugging and distributed programming. Plus, we tackle the evolving landscape of Integrated Development Environments, AI tool integrations in Visual Studio Code, and cutting-edge developments in robotics and virtual reality. This episode is a must-listen for anyone interested in the intersection of AI, design, and technology. Follow Us Frank: Twitter, Blog, GitHub James: Twitter, Blog, GitHub Merge Conflict: Twitter, Facebook, Website, Chat on Discord Music : Amethyst Seer - Citrine by Adventureface ⭐⭐ Review Us (https://itunes.apple.com/us/podcast/merge-conflict/id1133064277?mt=2&ls=1) ⭐⭐ Machine transcription available on http://mergeconflict.fm
Because… it's episode 0x670! Shameless plug February 25 and 26, 2026 - SéQCure 2026 CfP April 14 to 17, 2026 - Botconf 2026 April 28 and 29, 2026 - Cybereco Cyberconférence 2026 May 9 to 17, 2026 - NorthSec 2026 June 3 to 5, 2025 - SSTIC 2026 Description This podcast brings together François Proulx, Alexis Maurer-Fortin and Sébastien Graveline, researchers at BoostSecurity, a Montreal startup specializing in application security. The episode goes behind the scenes of their research and development work, particularly their recent findings on "race condition" vulnerabilities in CI/CD pipelines. Research structure and methodology The BoostSecurity research team operates in a structured but flexible way. François Proulx sets the broad annual directions based on emerging trends and the lessons of the previous year. Alexis brings his backend development expertise and his defensive approach, while Sébastien, an avid CTF player, contributes an offensive red team perspective. Garance, absent during the recording, ensures academic rigor by carrying out in-depth reviews of the scientific literature. Massive research infrastructure The team has built an impressive infrastructure for detecting vulnerabilities at scale. At the heart of their system is Poutine, an open source tool written in Go for scanning build pipelines, particularly GitHub Actions. This infrastructure continuously analyzes the open source ecosystem, accumulating several terabytes of data on millions of projects. Their "Threat Hunter" system ingests, in near real time, all public events on GitHub with a delay of about five minutes, capturing even ephemeral repositories that exist only briefly. This capability lets them detect attacks in progress, such as the Kong "confused deputy" attack, which they were able to capture and analyze. 
The data is stored in Google Cloud BigQuery, enabling complex analyses that would once have required weeks of work. Discovery of a new malware technique François describes a recent discovery concerning an obfuscation technique that uses Unicode's "Private Use Areas". These character ranges, reserved but never officially assigned, make it possible to encode arbitrary data in invisible character strings. Malware can thus be hidden in JavaScript, Python or Go source code without being visible in standard editors such as Visual Studio Code. In response, the team developed "Puant", an open source tool able to efficiently scan millions of files in a few seconds to detect the use of these suspicious characters. The tool can be easily integrated into CI/CD pipelines to block code containing these invisible characters during pull request review. "Time of Check, Time of Use" vulnerabilities in CI/CD pipelines The major finding presented concerns a class of "race condition" vulnerabilities applied to build pipelines. The team identified six significant cases affecting companies such as Nvidia, GitHub Copilot and Jupyter Notebook. The first case discovered involved Nvidia's "copy-pr-bot". This bot copies the code of a pull request into a dedicated branch after a maintainer has commented "ok to test". The team found a window of about five seconds between the maintainer's command and the bot's execution, during which an attacker could maliciously modify the code and then restore it, making the attack invisible. For GitHub Copilot, the vulnerability was even more exploitable manually. 
When a maintainer assigned Copilot to resolve a bug described in an issue, an attacker could modify the instructions during the race condition, asking the bot to insert a backdoor while a legitimate task was displayed on screen. The Jupyter Notebook case was particularly ironic: the vulnerability lay in the mitigation code for a previously reported race condition. The initial fix contained a typographical error in the time reference used, making the mitigation completely ineffective. Recommendations and mitigations The team proposes several mitigation strategies. The most important is to use atomic mechanisms that bind the maintainer's approval to a specific commit SHA. GitHub offers the "Pull Request Review" feature, which guarantees this atomicity, unlike simple comments or labels, which remain vulnerable to race conditions. GitHub environments are another robust defense. They make it possible to define approval rules tied to specific commits and to limit access to sensitive secrets. The team strongly recommends restricting the "Workflow Write" permission, which allows modifying GitHub Actions workflows, because it considerably amplifies the potential impact of an attack. Finally, adopting the "fail-close" principle rather than "fail-open" is essential: in the event of an unexpected error, the system must stop execution rather than continue. Tools like Poutine can automatically scan workflows to detect these vulnerabilities before they are deployed. Moreover, recent academic research identified Poutine as one of the best tools in the field, particularly for its excellent signal-to-noise ratio. Impact of artificial intelligence The team observes that generative AI is unintentionally creating new vulnerabilities. 
Some of the vulnerable pipelines they discovered clearly came from automatically generated code, thereby creating new attack chains in the software supply chain. This conversation highlights the growing importance of CI/CD pipeline security in the modern open source ecosystem, where increased automation multiplies potential attack vectors. Notes Split-Second Side Doors: How Bot-Delegated TOCTOU Breaks The CI/CD Threat Model Collaborators Nicolas-Loïc Fortin Alexis Maurer-Fortin Sébastien Graveline François Proulx Credits Editing by Intrasecure inc Virtual premises by Riverside.fm
In today's episode, host Jim Love discusses the discovery of the 'Glass Worm,' a self-spreading malware hidden in Visual Studio Code extensions downloaded over 35,000 times. The worm, hiding its malicious JavaScript in invisible unicode characters, steals developer credentials and drains crypto wallets. He also covers the security flaws in AI-powered IDEs like Cursor and Windsurf, leaving 1.8 million developers vulnerable. Lastly, a new survey from ISACA reveals that AI-driven attacks are now the top cybersecurity concern for 2026, overtaking ransomware and insider threats. Love advises how developers and security teams can mitigate these threats. 00:00 Introduction and Shoutout 01:10 Cybersecurity Headlines 01:46 Glass Worm Malware in Visual Studio Code 04:06 AI-Powered IDEs with Security Flaws 06:00 AI-Driven Cybersecurity Threats 07:50 Conclusion and Contact Information
In this episode of Hashtag Trending, host Jim Love discusses the Canadian CIO of the Year Awards and recognizes several winners. Highlights include OpenAI entering the browser market with ChatGPT-integrated Atlas, posing a serious threat to Google Chrome's dominance. Security concerns with Atlas storing OAuth tokens are mentioned, urging caution while experimenting with new AI browsers. Additionally, the Glassworm malware hiding in Visual Studio Code extensions is detailed, highlighting the importance of auditing extensions. Finally, an AI model collaboration between Google and Yale University shows promising results in cancer treatment by making tumors more visible to the immune system. Tune in for these updates and more! 00:00 Shoutout to CIO Achievements 01:56 Introducing Hashtag Trending 02:02 OpenAI's New Browser: Atlas 04:14 Security Alert: Glass Worm in VS Code 06:37 AI Breakthrough in Cancer Treatment 08:25 Closing Remarks and How to Support Us
How has AI changed coding with Visual Studio Code? Carl and Richard talk to James Montemagno about his experiences using the various LLM models available today with Visual Studio Code to build applications. James talks about the differences in approaches between Visual Studio and Visual Studio Code when it comes to AI tooling, and how those tools continue to evolve. The conversation also digs into how different people use AI tools to answer questions about errors, generate code, and manage projects. There's no one right way - you can experiment for yourself to get more done in less time!
Razor Tooling is evolving! Carl and Richard talk to David Wengier about the changes coming for Razor Pages in the next version of Visual Studio. David talks about the realization that much of the new work in Razor ties closely to Roslyn, which has resulted in a new co-hosting model that means higher performance and reliability for your web pages! The conversation delves into how capabilities in Visual Studio Code are shared with Visual Studio and vice versa, as well as the role of the Language Service Protocol in making it easier to bring more powerful tools to you.
With Windows 10's end-of-life looming, Paul and Leo dissect the real risks, questionable hardware requirements, and whether dumping old PCs in landfills is an acceptable trade-off for modern security. Plus, why is Apple finally buying up touchscreen displays for MacBooks after years of resistance, and what could that mean for the future of both Mac and Windows hardware? Windows Consumer Reports asks Microsoft to continue Windows 10 support Reminder: Windows 11 25H2 ISOs are available... x64 only, in Insider Preview. Arm version is from Dev channel and is a VHDX Dev (25H2) and Beta (24H2) - Copilot prompt in Click to Do, Prompt recommendations in Start, controller navigation for gaming handhelds, SCOOBE, agents in the Store, more Release Preview (24H2 AND 25H2) - Click to Do table detection, action tags, and Summarize improvements; agent in Settings improvements, Hardware indicator improvements, more Quick Machine Recovery is a solid addition to your recovery toolbox Microsoft releases Windows 365 Cloud Apps in Preview A MacBook with a touch screen? Oh the irony Microsoft 365 Microsoft finally settles Teams antitrust case with EU and you're not going to believe what happens next Microsoft 365 desktop apps (i.e. "Office") gets Copilot chat even for free - Web grounded? That's ungrounded, right? Microsoft 365 commercial pulls in previously separate sales, service, and financial services Outlook Lite is heading off to a farm to chase rabbits No more Office file editing in Microsoft 365 Copilot app for iPhone and iPad AI OpenAI and Microsoft hint at another major restructuring of their partnership Auto AI model selection comes to Visual Studio Code. Your orchestration is showing Visual Studio 2026 on .NET Rocks and the recent news about configuring GitHub Copilot in VS 20xx. 
Hardware October is going to be a big month for new hardware Apple rumored for October Google Home on October 1 with Gemini Amazon devices (September 30, close enough) Where are the next-gen PC chips? Xbox & games Third-party store integration comes to Xbox app on Windows Microsoft kicks off another big half month for Xbox Game Pass Epic Games can't stop beating Google in court Tips & Picks Tip of the week: Improve Windows 11 security App pick of the week: Google app for Windows Hosts: Leo Laporte and Paul Thurrott Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com helixsleep.com/twit
With Windows 10's end-of-life looming, Paul and Leo dissect the real risks, questionable hardware requirements, and whether dumping old PCs in landfills is an acceptable trade-off for modern security. Plus, why is Apple finally buying up touchscreen displays for MacBooks after years of resistance, and what could that mean for the future of both Mac and Windows hardware? Windows Consumer Reports asks Microsoft to continue Windows 10 support Reminder: Windows 11 25H2 ISOs are available... x64 only, in Insider Preview. Arm version is from Dev channel and is a VHDX Dev (25H2) and Beta (24H2) - Copilot prompt in Click to Do, Prompt recommendations in Start, controller navigation for gaming handhelds, SCOOBE, agents in the Store, more Release Preview (24H2 AND 25H2) - Click to Do table detection, action tags, and Summarize improvements; agent in Settings improvements, Hardware indicator improvements, more Quick Machine Recovery is a solid addition to your recovery toolbox Microsoft releases Windows 365 Cloud Apps in Preview A MacBook with a touch screen? Oh the irony Microsoft 365 Microsoft finally settles Teams antitrust case with EU and you're not going to believe what happens next Microsoft 365 desktop apps (i.e. "Office") gets Copilot chat even for free - Web grounded? That's ungrounded, right? Microsoft 365 commercial pulls in previously separate sales, service, and financial services Outlook Lite is heading off to a farm to chase rabbits No more Office file editing in Microsoft 365 Copilot app for iPhone and iPad AI OpenAI and Microsoft hint at another major restructuring of their partnership Auto AI model selection comes to Visual Studio Code. Your orchestration is showing Visual Studio 2026 on .NET Rocks and the recent news about configuring GitHub Copilot in VS 20xx. 
Hardware October is going to be a big month for new hardware Apple rumored for October Google Home on October 1 with Gemini Amazon devices (September 30, close enough) Where are the next-gen PC chips? Xbox & games Third-party store integration comes to Xbox app on Windows Microsoft kicks off another big half month for Xbox Game Pass Epic Games can't stop beating Google in court Tips & Picks Tip of the week: Improve Windows 11 security App pick of the week: Google app for Windows Hosts: Leo Laporte and Paul Thurrott Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com helixsleep.com/twit
With Windows 10's end-of-life looming, Paul and Leo dissect the real risks, questionable hardware requirements, and whether dumping old PCs in landfills is an acceptable trade-off for modern security. Plus, why is Apple finally buying up touchscreen displays for MacBooks after years of resistance, and what could that mean for the future of both Mac and Windows hardware? Windows Consumer Reports asks Microsoft to continue Windows 10 support Reminder: Windows 11 25H2 ISOs are available... x64 only, in Insider Preview. Arm version is from Dev channel and is a VHDX Dev (25H2) and Beta (24H2) - Copilot prompt in Click to Do, Prompt recommendations in Start, controller navigation for gaming handhelds, SCOOBE, agents in the Store, more Release Preview (24H2 AND 25H2) - Click to Do table detection, action tags, and Summarize improvements; agent in Settings improvements, Hardware indicator improvements, more Quick Machine Recovery is a solid addition to your recovery toolbox Microsoft releases Windows 365 Cloud Apps in Preview A MacBook with a touch screen? Oh the irony Microsoft 365 Microsoft finally settles Teams antitrust case with EU and you're not going to believe what happens next Microsoft 365 desktop apps (i.e. "Office") gets Copilot chat even for free - Web grounded? That's ungrounded, right? Microsoft 365 commercial pulls in previously separate sales, service, and financial services Outlook Lite is heading off to a farm to chase rabbits No more Office file editing in Microsoft 365 Copilot app for iPhone and iPad AI OpenAI and Microsoft hint at another major restructuring of their partnership Auto AI model selection comes to Visual Studio Code. Your orchestration is showing Visual Studio 2026 on .NET Rocks and the recent news about configuring GitHub Copilot in VS 20xx. 
Hardware October is going to be a big month for new hardware Apple rumored for October Google Home on October 1 with Gemini Amazon devices (September 30, close enough) Where are the next-gen PC chips? Xbox & games Third-party store integration comes to Xbox app on Windows Microsoft kicks off another big half month for Xbox Game Pass Epic Games can't stop beating Google in court Tips & Picks Tip of the week: Improve Windows 11 security App pick of the week: Google app for Windows Hosts: Leo Laporte and Paul Thurrott Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com helixsleep.com/twit
With Windows 10's end-of-life looming, Paul and Leo dissect the real risks, questionable hardware requirements, and whether dumping old PCs in landfills is an acceptable trade-off for modern security. Plus, why is Apple finally buying up touchscreen displays for MacBooks after years of resistance, and what could that mean for the future of both Mac and Windows hardware? Windows Consumer Reports asks Microsoft to continue Windows 10 support Reminder: Windows 11 25H2 ISOs are available... x64 only, in Insider Preview. Arm version is from Dev channel and is a VHDX Dev (25H2) and Beta (24H2) - Copilot prompt in Click to Do, Prompt recommendations in Start, controller navigation for gaming handhelds, SCOOBE, agents in the Store, more Release Preview (24H2 AND 25H2) - Click to Do table detection, action tags, and Summarize improvements; agent in Settings improvements, Hardware indicator improvements, more Quick Machine Recovery is a solid addition to your recovery toolbox Microsoft releases Windows 365 Cloud Apps in Preview A MacBook with a touch screen? Oh the irony Microsoft 365 Microsoft finally settles Teams antitrust case with EU and you're not going to believe what happens next Microsoft 365 desktop apps (i.e. "Office") gets Copilot chat even for free - Web grounded? That's ungrounded, right? Microsoft 365 commercial pulls in previously separate sales, service, and financial services Outlook Lite is heading off to a farm to chase rabbits No more Office file editing in Microsoft 365 Copilot app for iPhone and iPad AI OpenAI and Microsoft hint at another major restructuring of their partnership Auto AI model selection comes to Visual Studio Code. Your orchestration is showing Visual Studio 2026 on .NET Rocks and the recent news about configuring GitHub Copilot in VS 20xx. 
The U.S. version of TikTok may continue to use the Chinese version of the algorithm, a U.S. Court of Appeals denied Google’s request to pause Play Store reforms, and Microsoft is integrating Anthropic’s Claude Sonnet 4 into Visual Studio Code for GitHub Copilot. MP3 Please SUBSCRIBE HERE for free or get DTNS Live ad-free. Continue reading "The US Version of TikTok May Continue To Use The Chinese Algorithm – DTH"
An airhacks.fm conversation with Ingo Kegel (@IngoKegel) about: jclasslib bytecode viewer development history starting in 2001, transition from CVS to Subversion to Git, SourceForge to GitHub migration, Swing UI development with FlatLaf look and feel, comparison between Swing and SWT APIs, Eclipse plugin development experiences, Visual Studio Code integration with jprofiler, Homebrew package management for Mac applications, Java desktop module and modularization, jlink for creating trimmed JDK distributions, security benefits of shipping only required modules, Java compatibility improvements since Java 17, Base64 encoder becoming public API, internal API access restrictions with module system, comparison of Java installation simplicity versus Node.js and python, potential JSON support in future JDK versions, NetBeans integration attempt and recognition issues, bytecode instrumentation for profiling, asm and ByteBuddy as standard bytecode manipulation libraries, class file format evolution and complexity, module system introducing new structures, stack map tables and verification challenges, using JClassLib for method signature extraction, dokka documentation system for Kotlin, package.md and package-info documentation patterns, potential revival of Swing for modern desktop applications, simplified application architectures compared to enterprise apps with 30-40 tabs, LLM and AI making applications simpler with chat interfaces, JClassLib use cases including learning JVM internals and editing class files, approximately 3000 GitHub stars indicating 30000+ users, IntelliJ IDEA plugin availability, physicist background influencing interest in Java internals, Java Language Specification and Class File Format books, experimental physics approach to understanding JVM Ingo Kegel on twitter: @IngoKegel
An airhacks.fm conversation with Ingo Kegel (@IngoKegel) about: jprofiler Visual Studio Code integration using Kotlin Multiplatform, migrating Java code to Kotlin common code for cross-platform compatibility, transpiling to JavaScript for Node.js runtime, JClassLib bytecode viewer and manipulation library, Visual Studio Code's Language Server Protocol (LSP), profiling unit tests and performance regression testing, Java Flight Recorder (JFR) for production monitoring with custom business events, cost-driven development in cloud environments, serverless architecture with AWS Lambda and S3, performance optimization with parallelism in single-CPU environments, integrating profiling data with LLMs for automated optimization, MCP servers for AI agent integration, Gradle and Maven build system integration, cooperative window switching between JProfiler and VS Code, memory profiling and thread analysis, comparing streams vs for-loops performance, brokk AI's Swing-based LLM development tool, context-aware performance analysis, automated code optimization with AI agents, business event correlation with low-level JVM metrics, cost estimation based on cloud API calls, quarkus for fast startup times in serverless, performance assertions in System Tests, multi-monitor development workflow support Ingo Kegel on twitter: @IngoKegel
SEO description for episode 727 of "atareao con Linux": In this episode, I tackle a common problem: the frustration of creating important documents such as theses, projects or long reports with traditional tools like Microsoft Word. To solve it, I bring you an innovative and much more efficient solution: Typst. Typst is not just another alternative; it is a markup language that combines the simplicity of Markdown with the power of LaTeX. This lets you focus solely on the content of your document without worrying about formatting. Once you choose or create a template, the document's look, typography and layout are handled automatically. The episode explores in depth why Typst is the tool you were looking for: its syntax is incredibly easy to learn and use, compilation to PDF is far faster than with LaTeX and, because it is a programming language, it lets you automate tasks and simplify your work. To illustrate its potential, four practical examples are presented: A photo album: shows how to easily handle documents with many images. A book: shows the template Lorenzo uses to write his books on Bash and Docker, managing long documents efficiently. A CV: using a template from Typst Universe, it demonstrates the ability to create documents with an impeccable presentation. A scientific paper: highlights its ability to handle complex documents with formulas and graphics, matching LaTeX but more simply. In addition, the episode offers three options for getting started with Typst: the online version for working as a team, the graphical editor Katvan, and integration with code editors such as Visual Studio Code and, Lorenzo's favorite, Neovim, with the Tinymist extension and Typst-Preview. If you are a student, a professional or simply someone looking for a smarter, more productive way to create documents, this episode is for you.
Discover how to leave Word's limitations behind and adopt a solution that will save you time and let you focus on what really matters: your content. More information and links in the episode notes
Great developer experience isn't just about clean docs or helpful error messages—it's about intentionally delighting your user at every step. In this episode of Convergence.fm, host Ashok Sivanand is joined by Kenneth Auchenberg—former product leader at Microsoft and Stripe—for a masterclass on what it really takes to design and scale developer-centric platforms. The Convergence.fm podcast team is taking a break in the month of August, but we'll be back with new episodes in the fall. Until then, Ashok wants to share one of his favorite episodes. We'll be back in September with a new set of episodes on fostering engaged teams who ship delightful products. Thanks for watching and listening. This episode originally aired June 24th, 2024 Kenneth helped shape Visual Studio Code and later played a key role in defining Stripe's gold-standard API experience. In this conversation, he breaks down the building blocks of DevEx success—from friction logging and human-centered design to measuring satisfaction and optimizing for the long tail of developers. They explore the differences between platform and infrastructure businesses, explain why most companies aren't ready to be platforms, and walk through frameworks for product metrics that matter. Whether you're designing your first SDK or scaling a full-fledged platform, you'll leave with actionable insights for making developers love your product. Unlock the full potential of your product team with Integral's player coaches, experts in lean, human-centered design. Visit integral.io/convergence for a free Product Success Lab workshop to gain clarity and confidence in tackling any product design or engineering challenge. 
Inside the episode… What Stripe got right about developer experience The difference between DevRel and DevEx How to test and measure developer delight When to evolve from infrastructure to platform Why great DevEx starts with product-market fit Mentioned in this episode… Stripe Microsoft / VS Code GitHub AWS Marketplace Shopify Superbase Recent.dev Subscribe to the Convergence podcast wherever you get podcasts including video episodes on YouTube at youtube.com/@convergencefmpodcast Learn something? Give us a 5 star review and like the podcast on YouTube. It's how we grow.
How do you get from ClickOps to DevOps? While at Build, Richard chatted with Steven Bucher about using Copilot in Azure to help build PowerShell scripts with Azure CLI to get you moving down the path of repeatable deployment. Steven talks about interacting with Copilot in Azure through the Portal, Azure CLI, and PowerShell. Using tools like GitHub Copilot in Visual Studio Code can help you start making Infrastructure as Code in Bicep or Terraform to move you along the path of automating reliable deployments! Links: Copilot in Azure, Azure CLI, Terraform, AI Shell, PowerShell 7.5, Bicep, GitHub Copilot on VS Code. Recorded May 19, 2025
In this episode, we highlight the newest features and enhancements in JAWS, ZoomText, and Fusion A key update across all three products is support for time-based Software Maintenance Agreements (SMAs), which let users run any version of the software released within their SMA period—offering more flexibility for perpetual license holders. For JAWS and Fusion users, a brand-new Label Manager simplifies managing custom labels for inaccessible web elements. The AI Labeler also gets smarter—suggesting and saving updated labels automatically. Spanish-speaking users benefit from MathCAT, now the default math interaction tool, offering better speech and Braille support for math content. Fusion's Live Text View now supports Navigation Quick Keys, enabling faster navigation through web pages, documents, PDFs, and emails. ZoomText and Fusion users can also try out DirectX 11 support through the Early Adopter Program, bringing improved performance, better multi-monitor support, and reduced resource usage. For ZoomText users specifically, this release brings improved compatibility with Google Docs, more accurate behavior in Outlook, and smoother cursor tracking in web and document environments. Additional updates improve AppReader, Reading Zones, and magnification stability. We also cover wide-ranging fixes and enhancements across Google Suite, Office apps, Braille displays, Visual Studio Code, and more. Whether you're a screen reader user, a magnification user, or both—this update delivers meaningful performance improvements and accessibility enhancements across the board.
An airhacks.fm conversation with Maurice Naftalin (@mauricenaftalin) about: experiences with Visual Age for Java and its visual programming approach with arrows connecting components, working on British Department of Health and Social Security project using Visual Age for Java for benefits system navigation, comparison of various Java IDEs including Visual J++, Sun Java Workshop, JBuilder, Eclipse, NetBeans, IntelliJ IDEA, and Visual Studio Code, advantages of VS Code for polyglot programming and its growing ecosystem, visual programming experiences with state charts for reactive systems, IBM Rational tools and UML integration, successful visual programming with NetBeans Matisse GUI builder and AWS Step Functions, Model Driven Architecture and code generation from UML diagrams, writing Java Generics and Collections book with Philip Wadler for Java 5 and updating it for a second edition, changes in Java idioms over 15 years including deprecation of wrapper class constructors, sequence collections as major addition to Java collections framework, PECS (Producer Extends Consumer Super) principle for generics, underappreciated Java collections like NavigableMap, preference for method references and keeping lambdas concise in streams, using Class::method notation instead of Class.method, Scottish countryside and Edinburgh living experiences, early internet challenges with 300 baud acoustic couplers influencing views on network distribution versus CD-ROMs, transition from safety-critical systems to Java training and consulting, importance of understanding bounded wildcards in generics, future impact of Project Valhalla on generics and collections Maurice Naftalin on twitter: @mauricenaftalin
Updating developer tools is essential for developers who want to stay efficient, secure, and competitive. In this episode of Building Better Developers with AI, Rob Broadhead and Michael Meloche explore how maintaining modern toolsets helps individuals and teams deliver better software, faster. With support from AI-generated analysis and real-world experience, they outline the risks of falling behind—and how to move forward. Listen to the full episode of Building Better Developers with AI for practical insights and ideas you can start applying today. Efficiency and Profitability When Updating Developer Tools AI captured the core message well: using outdated tools slows down delivery, creates unnecessary friction, and ultimately reduces profitability. For side hustlers and teams alike, this loss of efficiency can make or break a project. Rob pointed out that many developers begin their careers using only basic tools. Without proper exposure to modern IDEs like IntelliJ, Visual Studio Code, or Eclipse, they miss out on powerful features such as debugging tools, plugin support, container integration, and real-time collaboration. Warning Signs You Should Be Updating Developer Tools How do you know it's time to update your development tools? Rob and Michael discussed key red flags: Frequent crashes or poor performance Lack of support for modern languages or frameworks Weak integration with tools like GitHub Actions or Docker Outdated or unsupported plugins Inconsistent tooling across team members Neglecting to update developer tools can lead to slow onboarding, poor collaboration, and increased bugs—especially in fast-paced or regulated environments. Tool Standardization vs. Flexibility When Updating Tools There's a balance between letting developers choose their tools and ensuring consistency across a team. While personal comfort can boost productivity, it may also cause challenges when teams debug or collaborate. 
Rob and Michael recommend hosting internal hackathons to explore new toolchains or standardize workflows. These events give teams a structured way to evaluate tools and share findings. The Security Risk of Not Updating Developer Tools Michael highlighted that outdated tooling doesn't just slow developers down—it creates serious security and compliance risks. Being just one or two versions behind can open vulnerabilities that violate standards like HIPAA, OWASP or SOX. Regular updates to SDKs, plugins, and IDEs are essential for staying compliant, especially in sensitive industries like finance or healthcare. How to Evaluate New Tools Before Updating Developer Toolchains Rob offered a practical framework for evaluating new tools: Does it solve a real pain point? Start with a side project or proof of concept. Check for strong community support and documentation. Balance between stable and innovative. Michael added a note of caution: avoid adopting tools with little community activity or long-term support. If a GitHub project has only a couple of contributors and poor maintenance, it's a red flag. Developer Tools to Review and Update Regularly To keep your development environment current, Rob suggested reviewing these tool categories often: IDEs and code editors Version control tools CI/CD systems and build automation Testing and QA frameworks Package managers and dependency systems Containerization and environment management platforms Using AI to convert simple apps into different frameworks can also help evaluate new tools—just make sure not to share proprietary code. Final Thoughts Modern development demands modern tooling. From cleaner code to faster deployment and stronger team collaboration, the benefits of updating developer tools are clear. Whether you're an independent developer or part of a larger organization, regularly reviewing and upgrading your toolset is a habit worth forming.
Stay Connected: Join the Develpreneur Community We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development. Additional Resources Navigating Communication Tools in Modern Workplaces Building a Portable Development Environment That is OS-agnostic Modern Tools For Monetizing Content Updating Developer Tools: Keeping Your Tools Sharp and Efficient Building Better Developers With AI Podcast Videos – With Bonus Content
How will coding agents change your code? While at Build, Carl and Richard chatted with Scott Hunter about the announcements around coding agents at the keynote. Scott talks about the agent mode available in Visual Studio Code - and now in Visual Studio! Agent mode allows the LLM to evaluate the code across an entire solution, not just the file you're currently looking at. You can create a workflow where GitHub issues are assigned to the agent, which then generates code and provides a pull request for evaluation. The agents are here and helping us do more!
Scott is the Vice President of Product for Azure Developer Experience. He builds all the .NET tools for Azure. Topics of Discussion: [1:49] Scott's Microsoft journey and .NET evolution. [3:39] AI's transformative impact on software development. [6:08] Using ChatGPT and Deep Research. [8:41] Software Engineering Agent (Padawan). [11:20] Model Context Protocol (MCP). [11:51] GitHub workflow for agent-driven development. [15:53] Handling repetitive or non-fun development tasks. [19:41] How AI will bring back the tech for us. [21:15] Azure Spring Apps and modernization tools. [23:39] The Site Reliability Engineering (SRE) Agent, which helps monitor and manage cloud applications, reducing pager hits and automating common tasks. [29:02] Reducing developer toil so there's more time to do what they want to do. [31:22] The future organizational philosophy shift that may happen, while Scott reminds us that for the time being, you are still the operator and still in control. [33:37] The development of prompt libraries in tools like Visual Studio Code and Visual Studio to help developers create detailed prompts. [38:18] Scott emphasizes the importance of continuous feedback from developers to improve AI tools and make them more effective. Mentioned in this Episode: Clear Measure Way Architect Forum Software Engineer Forum Programming with Palermo — New Video Podcast! Email us at programming@palermo.net. Clear Measure, Inc. (Sponsor) .NET DevOps for Azure: A Developer's Guide to DevOps Architecture the Right Way, by Jeffrey Palermo Scott Hunter: Microsoft's Azure & .NET Strategy- Episode 211 Scott Hunter: .NET8 - Episode 272 scott.hunter@microsoft.com Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.
Jim talks with Daniel Rodriguez about the state of AI software development and its implementation in industry. They discuss Daniel's background at Microsoft & Anaconda, transformer-based technologies, software engineering as hard vs soft science, vibe coding, barriers to entry in software engineering, cognitive styles needed for programming, Daniel's history with LLMs, unit testing & test-driven development with AI, social aspects of AI adoption, quality concerns & technical debt, style consistency & aesthetics, approaches to steering LLMs through roles & personas, philosophical perspectives on LLM consciousness & intelligence, personification & interaction styles, memory & conversation history in models, agent-based systems & their historical origins, the future of agent frameworks, customer/user interaction within agent ecosystems, distributed systems, future predictions about inference costs & protocols, IDEs & linting tools, and much more. Episode Transcript JRS EP 289 - Adam Levine on AI-Powered Programming for Non-Developers Daniel Rodriguez is Chief Architect and acting Technical Lead at r.Potential, the first enterprise platform for optimizing hybrid teams of humans and digital workers. As the venture's overall technical architect, he designs and integrates a full stack of AI systems, combining Agentforce with advanced data, simulation, and orchestration technologies to bring that vision to life. Before r.Potential, Daniel bootstrapped and scaled retrieval-augmented AI services and agentic infrastructure at Anaconda. Earlier, at Microsoft, he maintained Azure TypeScript SDKs and co-created Visual Studio Code's Jupyter and Data Wrangler extensions, expanding cloud and data-science workflows.
Microsoft legit just dropped a book of AI updates at the Build Conference. We're going to go over the 5 most impactful AI-powered Microsoft Copilot updates and how they will change the future of work.
Newsletter: Sign up for our free daily newsletter
More on this Episode: Episode Page
Join the discussion: Have a question? Join the convo here.
Upcoming Episodes: Check out the upcoming Everyday AI Livestream lineup
Website: YourEverydayAI.com
Email The Show: info@youreverydayai.com
Connect with Jordan on LinkedIn
Topics Covered in This Episode: GitHub Copilot's Autonomous Coding Partner Update; Copilot Tuning for Enterprise Customization; Introducing Agent Foundry on Azure; Multi-Agent Orchestration in Copilot Studio; Computer Use Automation in Copilot; MCP Native Support in Microsoft Systems
Timestamps: 00:00 "Everyday AI: Transform Your Business" 06:42 AI Coding Assistant Evolution 09:29 Copilot Tuning for Business Leaders 10:56 Data Privacy Concerns in Cloud Use 16:52 "AI Collaboration Among Tech Giants" 20:48 "Multi-Agent Orchestration Cautions" 22:59 "Multi-Agent Orchestration in Copilot Studio" 25:27 OpenAI Copilot Access and Availability 29:38 Copilot Pro: Versatile AI Agent 35:13 Microsoft Embraces Open AI Collaboration 36:57 "Security Concerns Slow AI Rollout" 39:44 Subscribe & Review Request
Keywords: Microsoft Build 2025, AI updates, Copilot AI updates, GitHub Copilot, GitHub Copilot coding agent, Autonomous coding partner, Visual Studio Code, Multimodal understanding, Natural language prompts, MCP protocol, Model context protocol, Anthropic, Microsoft 365 Copilot, Business leaders, Copilot tuning, Organization's internal data, Low code model tuning, Task specific agents, Secure service boundary, Azure, Agent foundry, AI agent playground, Enterprise grade AI agents, Grok, Elon Musk, Microsoft Azure, Agent to agent protocol, A to A, Multi agent orchestration, Copilot Studio, Agents collaboration, Agentic memory, Automated validation tools, Computer use in Copilot, Desktop applications, Repetitive tasks, MCP native support, Windows 11, Future of work, Third party applications, Agentic web, Security and access controls.
Send Everyday AI and Jordan a text message. (We can't reply back unless you leave contact info) Ready for ROI on GenAI? Go to youreverydayai.com/partner
Michael Truell is the co-founder and CEO of Anysphere, the company behind Cursor—the fastest-growing AI code editor in the world, reaching $300 million in annual recurring revenue just two years after its launch. In this conversation, Michael shares his vision for the future, lessons learned, and advice for preparing for the fast-approaching AI future.
What you'll learn: • Cursor's early pivot from automating CAD to automating code • Michael's vision for “what comes after code” and how programming will evolve • Why Cursor built their own custom AI models despite not starting there • Key lessons from Cursor's rapid growth • Why “taste” and logic design will become more valuable engineering skills than technical coding ability • Why the market for AI coding tools is much larger than people realize—and why there will likely be one dominant winner • Michael's advice for engineers and product teams preparing for the AI future
Brought to you by: • Eppo—Run reliable, impactful experiments • Vanta—Automate compliance. Simplify security • OneSchema—Import CSV data 10x faster
Where to find Michael Truell: • X: https://x.com/mntruell • LinkedIn: https://www.linkedin.com/in/michael-t-5b1bbb122/ • Website: https://mntruell.com/
In this episode, we cover: (00:00) Introduction to Michael Truell and Cursor (04:20) What comes after code (08:32) The importance of taste (12:39) Cursor's origin story (18:31) Why they chose to build an IDE (22:39) Will everyone become engineering managers? (24:31) How they decided it was time to ship (26:45) Reflecting on Cursor's success (32:03) Counterintuitive lessons on building AI products (34:02) Inside Cursor's stack (38:42) Defensibility and market dynamics in AI (46:13) Tips for using Cursor (51:25) Hiring and building a strong team (59:10) Staying focused amid rapid AI advancements (01:02:31) Final thoughts and advice for aspiring AI innovators
Referenced: • Cursor: https://www.cursor.com/ • Microsoft Copilot: https://copilot.microsoft.com/ • Scaling laws for neural language models: https://openai.com/index/scaling-laws-for-neural-language-models/ • MIT: https://www.mit.edu/ • Telegram: https://telegram.org/ • Signal: https://signal.org/ • WhatsApp: https://www.whatsapp.com/ • Devin: https://devin.ai/ • Visual Studio Code: https://code.visualstudio.com/ • Chromium: https://chromium.googlesource.com/chromium/src/base/ • Exploring ChatGPT (GPT) Wrappers—What They Are and How They Work: https://learnprompting.org/blog/gpt_wrappers • OpenAI's CPO on how AI changes must-have skills, moats, coding, startup playbooks, more | Kevin Weil (CPO at OpenAI, ex-Instagram, Twitter): https://www.lennysnewsletter.com/p/kevin-weil-open-ai • Behind the founder: Marc Benioff: https://www.lennysnewsletter.com/p/behind-the-founder-marc-benioff • DALL-E 3: https://openai.com/index/dall-e-3/ • Stable Diffusion 3: https://stability.ai/news/stable-diffusion-3
Production and marketing by https://penname.co/. For inquiries about sponsoring the podcast, email podcast@lennyrachitsky.com.
Lenny may be an investor in the companies discussed. Get full access to Lenny's Newsletter at www.lennysnewsletter.com/subscribe
Get featured on the show by leaving us a Voice Mail: https://bit.ly/MIPVM
FULL SHOW NOTES https://www.microsoftinnovationpodcast.com/680

Microsoft's AI landscape has evolved into three distinct categories: Copilot for Microsoft 365 (M365) applications, Copilot Studio for low-code chatbot development, and Azure AI Foundry (formerly AI Studio) for pro-code flexibility with AI models. Join Nanddeep Nachan on today's Power Platform Show to learn more.

TAKEAWAYS
• Declarative agents provide the simplest approach to extending Copilot functionality without complex licensing
• Teams toolkit in Visual Studio Code offers an easy way to create declarative agents using simple JSON configurations
• Copilot Studio gives business users a drag-and-drop interface for creating virtual assistants quickly
• Azure AI Foundry provides comprehensive tools for developers and data scientists building advanced AI solutions
• Retrieval Augmented Generation (RAG) pattern bridges the gap between LLMs and organization-specific data
• Contract management use cases demonstrate how AI can extract insights from millions of documents
• Graph RAG pattern enables "global queries" that deliver insights across entire document collections
• AI Foundry solutions can be deployed directly to websites, Teams apps, or Microsoft 365 Copilot
• Despite impressive personal productivity gains, many organizations still struggle to find compelling enterprise-level use cases for Copilot

This year we're adding a new show to our line up - The AI Advantage. We'll discuss the skills you need to thrive in an AI-enabled world.

DynamicsMinds is a world-class event in Slovenia that brings together Microsoft product managers, industry leaders, and dedicated users to explore the latest in Microsoft Dynamics 365, the Power Platform, and Copilot.

Early bird tickets are on sale now and listeners of the Microsoft Innovation Podcast get 10% off with the code MIPVIP144bff https://www.dynamicsminds.com/register/?voucher=MIPVIP144bff

Accelerate your Microsoft career with the 90 Day Mentoring Challenge
We've helped 1,300+ people across 70+ countries establish successful careers in the Microsoft Power Platform and Dynamics 365 ecosystem. Benefit from expert guidance, a supportive community, and a clear career roadmap. A lot can change in 90 days, get started today!

Support the show
If you want to get in touch with me, you can message me here on LinkedIn.
Thanks for listening
What can agentic AI do for you? Richard talks to Tim Warner about his work utilizing next generation agentic AI technologies to help with sysadmin tasks. Tim talks about the early lead that Cursor AI took with AI agents capable of writing and executing scripts on your behalf - as opposed to just creating code you can cut-and-paste. Today, GitHub Copilot has caught up with Agent Mode in Copilot Edits. Although it is still in preview, it speaks to a future where sysadmins use these tools to write better scripts for work - and get more done in less time!

Links: Cursor AI, OpenAI Operator, GitHub Copilot, Copilot Edits

Recorded February 17, 2025
In this episode, I, Stewart Alsop III, sat down with AJ Beckner to walk through how non-technical founders can build a deeper understanding of their codebase using AI tools like Cursor and Claude. We explored the reality of navigating an IDE as a beginner, demystified Git and GitHub version control, and walked through practical ways to clone a repo, open it safely in Cursor, and start asking questions about your app's structure and functionality without breaking anything. AJ shared his curiosity about finding specific text in his app and how to track that down across branches. We also looked at using AI-powered tools for tasks like dependency analysis and visualizing app architecture, with a focus on empowering non-devs to gain confidence and clarity in their product's code. You can connect with AJ through Twitter at @thisistheaj.

Check out this GPT we trained on the conversation!

Timestamps
00:00 – Stewart introduces Cursor as a fork of Visual Studio Code and explains the concept of an IDE to AJ, who has zero prior experience. They talk about the complexity of coding and the importance of developer curiosity.
05:00 – They walk through cloning a GitHub repository using the git clone command. Stewart highlights that AJ won't break anything and introduces the idea of a local playground for exploration.
10:00 – Stewart explains Git vs GitHub, the purpose of version control, and how to use the terminal for navigation. They begin setting up the project in Cursor using the terminal rather than GUI options.
15:00 – They realize only a README was cloned, leading to a discussion about branches—specifically the difference between main and development branches—and how to clone the right one.
20:00 – Using git fetch, they get access to the development branch. Stewart explains how to disconnect from Git safely to avoid pushing changes.
25:00 – AJ and Stewart begin exploring Cursor's AI features, including the chat interface. Stewart encourages AJ to start asking natural-language questions about the app structure.
30:00 – Stewart demonstrates how to ask for a dependency analysis and create mermaid diagrams for visualizing how app modules are connected.
35:00 – They begin identifying specific UI components, including finding and editing the home screen title. AJ uploads a screenshot to use as reference in Cursor.
40:00 – They successfully trace the UI text to an index.tsx file and discuss the layout's dependency structure. AJ learns how to use search and command-F effectively.
45:00 – They begin troubleshooting issues with Claude's GitHub integration, exploring Claude MCP servers and configuration files to fix broken tools.
50:00 – Stewart guides AJ through using npm to install missing packages, explains what Node Package Manager is, and reflects on the interconnected nature of modern development.
55:00 – Final troubleshooting steps and next steps. Stewart suggests bringing in Phil for deeper debugging. AJ reflects on how empowered he now feels navigating the codebase.

Key Insights

You don't need to be a developer to understand your app's codebase: AJ Beckner starts the session with zero familiarity with IDEs, but through Stewart's guidance, he begins navigating Cursor and GitHub confidently. The key idea is that non-technical founders can develop real intuition about their code—enough to communicate better with developers, find what they need, and build trust with the systems behind their product.

Cursor makes AI-native development accessible to beginners: One of the biggest unlocks in this episode is seeing how Cursor, a VS Code fork with AI baked in, can answer questions about your codebase in plain English. By cloning the GitHub repo and indexing it, AJ is able to ask, “Where do I change this text in the app?” and get direct, actionable guidance. Stewart points out that this shifts the role of a founder from passively waiting on answers to actively exploring and editing.

Version control doesn't have to be scary—with the right framing: Git and GitHub come across as overwhelming to many non-engineers, but Stewart breaks it down simply: Git is the local system that helps keep changes organized and non-destructive, and GitHub is the cloud-based sharing tool layered on top. Together, they allow safe experimentation, like cloning a development branch and disconnecting it from the main repo to create a playground environment.

Branching strategies reflect how work gets done behind the scenes: The episode includes a moment of discovery: AJ cloned the main branch and only got a README. Stewart explains that the real work often lives in a “development” branch, while “main” is kept stable for production. Understanding this distinction helps AJ (and listeners) know where to look when trying to understand how features are actually being built and tested.

Command line basics give you superpowers: Rather than relying solely on visual tools, Stewart introduces AJ to the terminal—explaining simple commands like cd, git clone, and git fetch—and emphasizes that the terminal has been the backbone of developer work for decades. It's empowering to learn that you can use just a few lines of text to download and explore an entire app.

Modern coding is less about code and more about managing complexity: A recurring theme in the conversation is the sheer number of dependencies, frameworks, and configuration files that make up any modern app. Stewart compares this to a reflection of modern life—interconnected and layered. Understanding this complexity (rather than being defeated by it) becomes a mindset that AJ embraces as part of becoming technically fluent.

AI will keep lowering the bar to entry, but learning fundamentals still matters: Stewart shares how internal OpenAI coding models went from being some of the worst performers two years ago to now ranking among the top 50 in the world. While this progress promises an easier future for non-devs, Stewart emphasizes the value of understanding what's happening under the hood. Tools like Claude and Cursor are incredibly powerful, but knowing what they're doing—and when to be skeptical—is still key.
HTML All The Things - Web Development, Web Design, Small Business
Choosing the right code editor can make or break a web developer's workflow. In this episode, we dive into the Top 5 Code Editors for Web Developers—exploring their strengths, quirks, and everything in between. From the widely-loved Visual Studio Code to the blazing-fast newcomer Zed, we discuss which editors could suit your coding style. Whether you're a fan of Vim's keyboard mastery, WebStorm's all-in-one features, or experimenting with modern tools like Cursor, there's something here for everyone. Tune in to find the perfect fit for your development journey! Show Notes: https://www.htmlallthethings.com/podcasts/top-5-code-editors-for-web-developers
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Attacker Use of Ephemeral Ports
Attackers often use ephemeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Malware%20Source%20Servers%3A%20The%20Threat%20of%20Attackers%20Using%20Ephemeral%20Ports%20as%20Service%20Ports%20to%20Upload%20Data/31710

Compromised Visual Studio Code Extension Downloaded by Millions
Amit Assaraf identified a likely compromised Visual Studio Code theme that was installed by millions of potential victims. Amit did not disclose the exact malicious behaviour, but is asking for victims to contact them for details.
https://medium.com/@amitassaraf/a-wolf-in-dark-mode-the-malicious-vs-code-theme-that-fooled-millions-85ed92b4bd26

ByBit Theft Due to Compromised Developer Workstation
ByBit and Safe{Wallet} disclosed that the record-breaking Ethereum theft was due to a compromised Safe{Wallet} developer workstation. A replaced JavaScript file targeted ByBit and altered a transaction signed by ByBit.
https://x.com/benbybit/status/1894768736084885929
https://x.com/safe/status/1894768522720350673

PoC for NAKIVO Backup Replication Vulnerability
This vulnerability allows the compromise of NAKIVO backup systems. The vulnerability was patched silently in November, and never disclosed by NAKIVO. Instead, WatchTowr now discloses details including a proof of concept exploit.
https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/

OpenH264 Vulnerability
https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x

rsync vulnerability exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
We celebrate 600 episodes, announce a new show feature, and officially launch the FreeBSD challenge.

Sponsored By:
Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.

Support LINUX Unplugged

Links: