TL;Der — Developer news digest

tlder@dev
tlder@dev:~$

Your dev world, TL;DR'd. 486 items across all categories. covering May 1 → Jul 17

└─worth-opening/(156 items)

The clearest side-by-side of the two labs' opposing bets on AI regulation — read it if you ever need to explain where the state-versus-federal fight is actually heading.
└─·leadership
The clearest read on what Murati's lab is actually betting on — customization over raw benchmark wins — and why a 975B open-weight release matters right now.
└─·ai-ml

└─cross-cutting/(95 items)

A malformed tar header with a negative entry size can wedge tar.replace in an infinite loop; the fix shipped Sunday in 7.5.18 alongside two lesser parser bugs.
└─·security,backend·GitHub (isaacs/node-tar)
OpenAI ships two dedicated voice models that can listen and speak at the same time, replacing the current Advanced Voice Mode and landing in the API.
└─·mobile·OpenAI
Jul 13
Jul 13·cat news/20260713-ios-ios-27-public-beta-1
cat news/20260713-ios-ios-27-public-beta-1
iOS 27 public beta 1 arrives
Apple opened the first public beta of iOS 27, landing right on the mid-July window it had signaled.
└─9to5Mac
Jul 13
Jul 13·cat news/20260713-ios-ios-ipados-266-beta5
cat news/20260713-ios-ios-ipados-266-beta5
iOS 26.6 developer beta 5 seeds a new anti-theft feature
The fifth 26.6 developer beta tweaks the contact-block limit and quietly lays groundwork for anti-theft protection that isn't switched on yet.
└─9to5Mac
Jul 2
Jul 2·cat news/20260702-ios-ios-2652-ships-25-security
cat news/20260702-ios-ios-2652-ships-25-security
iOS 26.5.2 Ships with 25 Security Patches
Apple pushed iOS 26.5.2 on July 2 with 25 security fixes, releasing before any public exploit disclosure — an unusually proactive cadence.
└─Forbes
Jun 25
Jun 25·cat news/20260625-ios-xcode-266-17f113-ships
cat news/20260625-ios-xcode-266-17f113-ships
Xcode 26.6 (17F113) Ships as Maintenance Drop
Apple pushed Xcode 26.6 build 17F113 on June 25 alongside a routine App Store Connect tooling update, with no major feature additions.
└─Apple Developer
Apr 28
Apr 28·cat news/20260502-ios-appstore-sdk-ios26-req
cat news/20260502-ios-appstore-sdk-ios26-req
App Store Connect now requires iOS 26 SDK for all new app uploads
Starting April 28, 2026, all apps submitted to App Store Connect must be built with the iOS 26 and iPadOS 26 SDK.
└─Apple Developer
Jul 7
Jul 7·cat news/20260707-android-security-bulletin-jul-2026
cat news/20260707-android-security-bulletin-jul-2026
Android Security Bulletin July 2026 Patches 57 Vulnerabilities, Five Critical
Google's July bulletin addresses 57 vulnerabilities across Android and Samsung-specific components, with five rated Critical.
└─Android Open Source Project
Jul 7
Jul 7·cat news/20260707-android-developer-id-apis-jul26
cat news/20260707-android-developer-id-apis-jul26
Android Developer ID Status and Console APIs Enter Early Access
Two new Android Developer ID interfaces launched in July, alongside early access for a free limited-distribution account lane.
└─Android Developers Blog
Jul 1
Jul 1·cat news/20260701-android-compose-ui-1120-beta02
cat news/20260701-android-compose-ui-1120-beta02
Jetpack Compose UI 1.12.0-beta02 Adds Credential Manager Semantics and Better Stability Inference
Compose UI 1.12.0-beta02 lands with Credential Manager integration, a trackpad pinch gesture flag, and recomposition improvements that come for free with Kotlin 2.2.
└─Android Developers
Jun 18
Jun 18·cat news/20260618-android-dev-verification-ini
cat news/20260618-android-dev-verification-ini
Google Launches Android Developer Verification Initiative
Google announced a developer verification initiative aimed at reducing malicious apps on the Play Store and broader Android ecosystem.
└─Android Developers Blog
Jul 14
Jul 14·cat news/20260714-kotlin-multiplatform-kotlin-fdn-grant-26
cat news/20260714-kotlin-multiplatform-kotlin-fdn-grant-26
Kotlin Foundation 2026 Grant Program Closes July 14
The Kotlin Foundation's 2026 grant program closes July 14, with Kotlin Multiplatform projects among the eligible categories.
└─JetBrains Blog
Jun 21
Jun 21·cat news/20260621-kotlin-multiplatform-kotlin-240-rel
cat news/20260621-kotlin-multiplatform-kotlin-240-rel
Kotlin 2.4.0 Released with Swift Package Dependencies and Default CMS GC
Kotlin 2.4.0 ships the previewed KotlinConf features as GA, with Swift package support in Kotlin/Native making KMP-to-Apple-platform targeting meaningfully less friction.
└─JetBrains Kotlin Blog
May 21
May 21·cat news/20260521-kmp-kotlinconf26-keynote-sub
cat news/20260521-kmp-kotlinconf26-keynote-sub
KotlinConf 2026 Keynote Unveils Kotlin 2.4.0 Preview, Wasm Beta, and Agent Client Protocol
The KotlinConf 2026 keynote landed Kotlin 2.4.0 in preview, pushed Kotlin/Wasm to Beta, introduced an 18-month security support policy for the standard library, and revealed JetBrains co-leading a new open Agent Client Protocol standard.
└─JetBrains Kotlin Blog
Jul 1
Jul 1·cat news/20260701-flutter-dart-dart-312-genkit-mcp
cat news/20260701-flutter-dart-dart-312-genkit-mcp
Dart 3.12 Ships Private Named Parameters, Genkit Integration, and MCP Hot Reload
Dart 3.12 lands private named parameters and experimental primary constructors alongside a new Genkit framework and an MCP server that lets AI agents trigger hot reload.
└─Dart Blog
May 28
May 28·cat news/20260528-react-native-expo-router-v56-fo
cat news/20260528-react-native-expo-router-v56-fo
Expo Router v56 Forks from React Navigation, Adds Streaming SSR and Android Toolbar
Expo Router v56 ships its own navigation stack — severing the React Navigation dependency — alongside streaming SSR and a new Android toolbar.
└─Expo Engineering Blog
────────────────────────────────────────────────────────────
Jul 1
Jul 1·cat news/20260701-css-browsers-edge-150-css-feats
cat news/20260701-css-browsers-edge-150-css-feats
Microsoft Edge 150 Adds AccentColor System Colors, light-dark() Images, and text-fit
Edge 150 ships four CSS additions — OS accent color values, image-switching via light-dark(), comma-separated container queries, and a text-fit property that scales font size to fill its container.
└─Microsoft Learn
Jun 30
Jun 30·cat news/20260630-css-browsers-chrome-150-stable
cat news/20260630-css-browsers-chrome-150-stable
Chrome 150 Stable Released on Schedule
Chrome 150 hit the stable channel on June 30, exactly when the Chrome 149 release post said it would.
└─Chrome Releases Blog
Jun 16
Jun 16·cat news/20260616-css-browsers-firefox-152-stable
cat news/20260616-css-browsers-firefox-152-stable
Firefox 152 Ships JPEG XL by Default, Redesigned Settings, and Notification Action Buttons
Firefox 152 graduates JPEG XL from Labs to stable, ships a redesigned Settings UI, adds widget support on New Tab pages, and brings action-button support for web notifications.
└─9to5Linux
Jun 9
Jun 9·cat news/20260609-css-browsers-chrome-cve-2026-11645
cat news/20260609-css-browsers-chrome-cve-2026-11645
Chrome 149 Security Patch Fixes Actively Exploited V8 Zero-Day CVE-2026-11645
Google shipped Chrome 149.0.7827.102/.103 on June 9 to plug an out-of-bounds read/write in V8 that is already being exploited in the wild.
└─Help Net Security
Jul 8
Jul 8·cat news/20260709-typescript-ts7-go-native-detail
cat news/20260709-typescript-ts7-go-native-detail
TypeScript 7.0 Ships a Go-Native Compiler with ~10x Throughput
TypeScript 7.0 lands with a compiler rewritten in Go, delivering around 10x faster builds through shared-memory parallelism across parsing, type-checking, and emit phases.
└─Microsoft DevBlogs
Jun 30
Jun 30·cat news/20260630-typescript-ts7-beta-vs2026-insid
cat news/20260630-typescript-ts7-beta-vs2026-insid
TypeScript 7 Beta Enabled by Default in Visual Studio 2026 18.6 Insiders 3
Visual Studio 2026 18.6 Insiders 3 ships with the Go-rewritten TypeScript 7 Beta on by default, giving Windows devs their first integrated look at the 10x faster native type-checker.
└─devblogs.microsoft.com
Jul 1
Jul 1·cat news/20260701-react-shadcnui-base-ui-default
cat news/20260701-react-shadcnui-base-ui-default
shadcn/ui Switches Default Primitive Library to Base UI
Running `npx shadcn init` now scaffolds new projects on Base UI instead of Radix, following data showing new projects picked Base UI over Radix two-to-one.
└─shadcn/ui changelog
Jun 1
Jun 1·cat news/20260601-react-react-19-formdata-patch
cat news/20260601-react-react-19-formdata-patch
React 19 Patch Releases Fix FormData Regression in Server Actions
React 19.0.7, 19.1.8, and 19.2.7 all shipped June 1 with a same-day fix for a FormData regression in Server Actions introduced by the previous patch on each branch.
└─GitHub
May 20
May 20·cat news/20260520-react-wordpress-70-shipped
cat news/20260520-react-wordpress-70-shipped
WordPress 7.0 Ships on May 20 with Real-Time Collaboration Deferred
WordPress 7.0 reached final release on May 20 after a cycle extension, but real-time collaboration was pulled from the milestone due to unresolved race conditions and memory concerns.
└─WordPress Developer Blog
Jul 1
Jul 1·cat news/20260701-svelte-sveltekit-july-2026-roundup
cat news/20260701-svelte-sveltekit-july-2026-roundup
What's New in Svelte: July 2026
SvelteKit shipped versions 2.62.0 through 2.68.0 this month, previewing several Kit 3 configuration changes and adding explicit environment variable support, remote query refresh, and smarter form handling.
└─Svelte Blog
Jun 3
Jun 3·cat news/20260603-svelte-svelte-june-2026-whats-new
cat news/20260603-svelte-svelte-june-2026-whats-new
Svelte's June 2026 Roundup Covers Language Tools, AI Integrations, and Vite Plugin Updates
The monthly Svelte community roundup for June 2026 highlights updates across language-tools, AI tooling integrations, and vite-plugin-svelte.
└─Svelte Blog
May 1
May 1·cat news/20260501-svelte-sveltekit-may-2026-rel
cat news/20260501-svelte-sveltekit-may-2026-rel
SvelteKit 2.56-2.57, Svelte 5.55, and sv CLI 0.1.0 ship TypeScript 6.0 support and breaking query changes
The Svelte May 2026 roundup brings SvelteKit TypeScript 6.0 compatibility, a new form-field default-value API, motion-type exports in Svelte 5.55, and the sv CLI's first stable community add-ons feature — alongside several breaking changes to query lifecycle.
└─Svelte Blog
Jun 29
Jun 29·cat news/20260629-nextjs-nextjs-163-turbopack-upd
cat news/20260629-nextjs-nextjs-163-turbopack-upd
Next.js 16.3 Turbopack: Memory Eviction, Persistent Cache, and Rust React Compiler
The June 29 Turbopack post fills in the compiler half of 16.3 — memory eviction for long dev sessions, persistent build caching, a Rust-native React Compiler, and Vite-compatible `import.meta.glob`.
└─nextjs.org/blog
Jun 2
Jun 2·cat news/20260602-nextjs-nextjs-1626-bugfix-drop
cat news/20260602-nextjs-nextjs-1626-bugfix-drop
Next.js 16.2.6 Backports Hydration Fix and Docs Correction
Next.js 16.2.6 ships two backported fixes: a dev-mode hydration failure when pages are served from HTTP cache, and a documentation correction for the 16.2 release.
└─GitHub (vercel/next.js)
May 13
May 13·cat news/20260513-nextjs-nextjs-security-13-cves
cat news/20260513-nextjs-nextjs-security-13-cves
Next.js Security Release Expands to 13 Advisories with CVE-2026-23870 RSC DoS
Vercel's May security release now covers 13 advisories including CVE-2026-23870, a React Server Components denial-of-service vulnerability, with patched versions Next.js 15.5.18 and 16.2.6 available.
└─Vercel
────────────────────────────────────────────────────────────
Jul 8
Jul 8·cat news/20260708-nodejs-node-26-5-0-current-rel
cat news/20260708-nodejs-node-26-5-0-current-rel
Node.js v26.5.0 (Current)
Node.js 26.5.0 lands streaming text from Blobs, experimental text-file imports, and a pair of crypto hardening fixes.
└─nodejs.org
Jun 30
Jun 30·cat news/20260630-nodejs-nodejs-one-major-per-year
cat news/20260630-nodejs-nodejs-one-major-per-year
Node.js Moves to One Major Release Per Year Starting with Node.js 27
The Node.js project is restructuring its release cadence to one major version per year, dropping the odd/even split and making every release LTS-eligible.
└─nodejs.org
Jun 18
Jun 18·cat news/20260618-nodejs-june-2026-security-rel
cat news/20260618-nodejs-june-2026-security-rel
Node.js v22.23.0, v24.17.0, v26.3.1 Released with 13 CVE Fixes
The June 2026 security drop lands actual release builds across all three active lines, patching two HIGH-severity CVEs including a WebCrypto integer overflow and a TLS wildcard authentication bypass.
└─nodejs.org
Jun 1
Jun 1·cat news/20260601-nodejs-node-25-eol-june-2026
cat news/20260601-nodejs-node-25-eol-june-2026
Node.js 25 Reaches End of Support
Node.js 25 went end-of-life on June 1, 2026 and will receive no further security updates.
└─Node.js
May 5
May 5·cat news/20260505-nodejs-node-26-major-release
cat news/20260505-nodejs-node-26-major-release
Node.js 26.0.0 Released with Temporal API and V8 14.6
Node.js 26 ships as the new Current release with Temporal API enabled by default, V8 14.6, and several breaking changes including removal of legacy stream modules and the writeHeader method.
└─Node.js
Jul 9
Jul 9·cat news/20260709-rust-announcing-rust-1-97-0
cat news/20260709-rust-announcing-rust-1-97-0
Announcing Rust 1.97.0
Rust 1.97.0 makes symbol mangling v0 the default, hands Cargo real warning control, and surfaces linker messages that were silently swallowed before.
└─The Rust Blog
May 28
May 28·cat news/20260528-rust-rust-1-96-0
cat news/20260528-rust-rust-1-96-0
Rust 1.96.0 Released
The new core::range types are now Copy, two pattern-matching assertion macros land, and the wasm linker stops silently inventing imports.
└─Rust Blog
May 15
May 15·cat news/20260515-rust-azure-sdk-rust-stable
cat news/20260515-rust-azure-sdk-rust-stable
Microsoft Releases Stable Azure SDK for Rust
Microsoft shipped the stable Azure SDK for Rust, delivering production-ready crates for Core, Identity, Key Vault, and Storage services.
└─Microsoft Dev Blogs
Jul 7
Jul 7·cat news/20260707-go-go-1265-1-25-12-security
cat news/20260707-go-go-1265-1-25-12-security
Go 1.26.5 and 1.25.12 Security Releases
Both active Go release lines picked up security patches on July 7 covering the same flaws in crypto/tls and the os package.
└─Go Releases
Jun 2
Jun 2·cat news/20260602-go-go-1264-security-patch
cat news/20260602-go-go-1264-security-patch
Go 1.26.4 and 1.25.11 Released with Crypto and MIME Security Fixes
Go pushed patch releases for both active lines fixing vulnerabilities in crypto/x509, mime, and net/textproto.
└─go.dev
Jul 7
Jul 7·cat news/20260707-python-jit-steering-council-pep
cat news/20260707-python-jit-steering-council-pep
Python's Steering Council Gives JIT Compiler Six Months to Formalize or Face Removal
The Steering Council has put the experimental JIT compiler on a six-month clock to produce a standards-track PEP — otherwise it gets cut from CPython main.
└─Real Python
Jun 18
Jun 18·cat news/20260618-python-fastapi-01372-released
cat news/20260618-python-fastapi-01372-released
FastAPI 0.137.2 Released
FastAPI 0.137.2 ships June 18, the third patch in the 0.137.x series following 0.137.0 and 0.137.1 earlier the same week.
└─GitHub
Jun 10
Jun 10·cat news/20260610-python-python-3146-31314-rel
cat news/20260610-python-python-3146-31314-rel
Python 3.14.6 and 3.13.14 Released
The Python core team shipped maintenance releases for both active branches on June 10, carrying a combined ~419 bugfixes, build improvements, and documentation corrections.
└─Python.org
May 6
May 6·cat news/20260506-python-python-2026-roadma
cat news/20260506-python-python-2026-roadma
Python 2026 Roadmap: Free-Threading, Lazy Imports, and Further Speed Gains
A New Stack overview of Python's 2026 roadmap highlights official free-threading support, lazy import machinery, and continued interpreter performance work as the main themes for the year.
└─The New Stack
Jun 30
Jun 30·cat news/20260604-javajvm-spring-boot-35-eol-jun30
cat news/20260604-javajvm-spring-boot-35-eol-jun30
Spring Boot 3.5 Free Support Ends June 30
Spring Boot 3.5 reaches end of open-source support on June 30, leaving teams without a commercial agreement dependent on self-patching or a migration to 4.x.
└─endoflife.date
Jun 21
Jun 21·cat news/20260621-javajvm-kotlin-240-stable-release
cat news/20260621-javajvm-kotlin-240-stable-release
Kotlin 2.4.0 Stable Released with Wasm Component Model and Swift Package Support
Kotlin 2.4.0 graduates from preview to stable, shipping Wasm Component Model support, Swift packages as Native dependencies, and an 18-month stdlib security support policy.
└─JetBrains Kotlin Blog
May 19
May 19·cat news/20260519-javajvm-jdk27-jeps-batch-may19
cat news/20260519-javajvm-jdk27-jeps-batch-may19
Four JDK 27 JEPs Advance to Review: G1 Universal Default, Compact Headers, Vector API, PEM
JDK 27 review cycles opened for JEP 523 (G1 as universal default GC), JEP 534 (compact object headers default), JEP 537 (Vector API 12th incubator), and JEP 538 (new PEM encoding/decoding API).
└─TensorBlue / Java News Roundup
May 14
May 14·cat news/20260514-javajvm-java-post-quantum-tls
cat news/20260514-javajvm-java-post-quantum-tls
Java Gets Post-Quantum TLS - Inside Java Newscast #112
Oracle's Inside Java Newscast #112 details post-quantum TLS support being added to the JDK, a major cryptographic hardening ahead of quantum computing threats.
└─Inside Java (Oracle)
May 14
May 14·cat news/20260514-javajvm-geecon-2026-krakow
cat news/20260514-javajvm-geecon-2026-krakow
GeeCon 2026 in Kraków, Poland (May 14-15)
GeeCon 2026 runs May 14-15 in Kraków with sessions on JDK 27 roadmap items including Structured Concurrency and what excites developers most about Java in 2026.
└─JetBrains Blog
Jun 15
Jun 15·cat news/20260615-apis-salesforce-summer26-apex-agent
cat news/20260615-apis-salesforce-summer26-apex-agent
Salesforce Summer '26: Agent Script Goes Open-Source, Agentforce Builder Hits GA
Salesforce's Summer '26 release lands new Apex user-mode defaults alongside Agent Script (Apache 2.0) and a programmatic Agent Builder API for configuring Agentforce agents in code.
└─Salesforce Developers Blog
Jun 1
Jun 1·cat news/20260601-apis-dbt-v2-alpha-snowflake-summit
cat news/20260601-apis-dbt-v2-alpha-snowflake-summit
dbt Core v2.0 Alpha Debuts at Snowflake Summit
dbt Labs released dbt Core v2.0 in alpha at Snowflake Summit 2026, introducing support for user-defined function deferral.
└─dbt Labs
May 21
May 21·cat news/20260521-apis-kotlinconf-acp-open-stand
cat news/20260521-apis-kotlinconf-acp-open-stand
JetBrains Unveils Agent Client Protocol, an Open Standard for IDE-Agent Communication
JetBrains co-launched the Agent Client Protocol at KotlinConf, an open standard defining how coding agents interact with IDEs.
└─JetBrains Blog
May 13
May 13·cat news/20260513-apis-github-enterprise-install-api
cat news/20260513-apis-github-enterprise-install-api
GitHub Launches Enterprise Installation API in Public Preview
A new GitHub API in public preview lets GitHub Apps directly query whether they are installed on a specific enterprise and retrieve the installation ID, eliminating the need to paginate all installations.
└─GitHub Changelog
────────────────────────────────────────────────────────────
Jul 6
Jul 6·cat news/20260706-warehouses-databricks-genie-payg-agents
cat news/20260706-warehouses-databricks-genie-payg-agents
Databricks Genie goes pay-as-you-go today, Genie Spaces renamed Genie Agents
Starting July 6, Databricks Genie products (Spaces, Code, One) move from included to pay-as-you-go billing, with 150 free DBUs per user per month and Genie Spaces rebranded as Genie Agents.
└─Databricks
Jun 16
Jun 16·cat news/20260616-warehouses-databricks-dais-agentbricks
cat news/20260616-warehouses-databricks-dais-agentbricks
Databricks opens its summit with a bigger Agent Bricks and Unity AI Gateway
At the Data + AI Summit keynote, Databricks expanded Agent Bricks into a fuller agent-building platform and introduced Unity AI Gateway for governing AI assets in one place.
└─Databricks
Jun 7
Jun 7·cat news/20260607-warehouses-snowflake-databricks-age
cat news/20260607-warehouses-snowflake-databricks-age
Snowflake and Databricks Both Want to Own the Agentic Layer Above Your Data
A SiliconAngle analysis unpacks how Snowflake and Databricks are racing past data platforms to claim the agentic AI tier — the layer that enterprise users will actually talk to.
└─SiliconAngle
May 4
May 4·cat news/20260504-warehouses-amazon-quick-ga
cat news/20260504-warehouses-amazon-quick-ga
Amazon Quick launches free and paid tiers with expanded enterprise data source integrations
Amazon's Quick AI assistant is now available in Free and Plus pricing tiers with a native desktop app for macOS and Windows, adding connectors for Google Workspace, Zoom, Airtable, Dropbox, and Microsoft Teams alongside visual asset generation.
└─AWS Blog
Nov 12
Nov 12·cat news/20261112-databases-postgresql-14-eol-deadline
cat news/20261112-databases-postgresql-14-eol-deadline
PostgreSQL 14 reaches end-of-life on November 12, 2026
PostgreSQL 14 will receive no further security patches or bug fixes after November 12, 2026, requiring teams to migrate to a supported major version.
└─PostgreSQL Global Development Group
Jul 3
Jul 3·cat news/20260703-databases-clickhouse-266-record-re
cat news/20260703-databases-clickhouse-266-record-re
ClickHouse 26.6 lands 56 new features and 79 performance optimizations on its 10-year anniversary
The anniversary release introduces hypothetical skip indexes, cascading refreshable materialized views, an experimental continuous-query STREAM mode, and a PNG output format — the largest single release in the project's history.
└─ClickHouse Blog
Jun 29
Jun 29·cat news/20260629-databases-clickhouse-26541-new
cat news/20260629-databases-clickhouse-26541-new
ClickHouse 26.5.4.21 released
ClickHouse opens the 26.5.x line with a patch release on June 29, adding to the already-active 26.3 LTS and 26.4 tracks.
└─GitHub
Jun 23
Jun 23·cat news/20260623-databases-clickhouse-26315-lts-patch
cat news/20260623-databases-clickhouse-26315-lts-patch
ClickHouse 26.3.15.4 LTS released
ClickHouse cut a new patch in the 26.3 LTS series, shipping 52 release assets for amd64 and arm64 across tarball, RPM, and DEB formats.
└─GitHub Releases
Jun 8
Jun 8·cat news/20260608-databases-clickhouse-26448-replacingmerge
cat news/20260608-databases-clickhouse-26448-replacingmerge
ClickHouse 26.4.4.38 patches a ReplacingMergeTree server abort
ClickHouse 26.4.4.38 fixes a server crash on SELECT queries where the lazy-FINAL optimization dropped the is_deleted column from the output header in ReplacingMergeTree tables.
└─ClickHouse GitHub
Jul 15
Jul 15·cat news/20260715-pipelines-etl-dbt-state-virtual-ev
cat news/20260715-pipelines-etl-dbt-state-virtual-ev
dbt State virtual event scheduled for July 15
dbt Labs is hosting a free live virtual event on July 15 focused on warehouse compute cost savings.
└─getdbt.com
Jun 1
Jun 1·cat news/20260601-pipelines-etl-dbt-v2-alpha-snow
cat news/20260601-pipelines-etl-dbt-v2-alpha-snow
dbt Core v2.0 enters alpha at Snowflake Summit
dbt Labs unveiled the first alpha of dbt Core v2.0 at Snowflake Summit, the biggest version bump since the project launched, headlined by UDF-aware deferral.
└─dbt Labs
May 27
May 27·cat news/20260527-pipelines-etl-gcp-managed-airflow
cat news/20260527-pipelines-etl-gcp-managed-airflow
Managed Airflow gets environment tags and a dark console
Google's Managed Service for Apache Airflow began rolling out a release that adds resource tags for IAM policy conditions, a dark theme in the Cloud Console, and faster worker startup on package-heavy environments.
└─Google Cloud
Jun 26
Jun 26·cat news/20260626-streaming-flink-agents-030-ai
cat news/20260626-streaming-flink-agents-030-ai
Apache Flink Agents 0.3.0 introduces AI-powered stream processing agents
Flink Agents 0.3.0 is a new framework for building AI agents that operate over live Flink streams, shipping a day after Flink 2.3.0.
└─Apache Flink
Jun 25
Jun 25·cat news/20260625-streaming-apache-flink-230-sql
cat news/20260625-streaming-apache-flink-230-sql
Apache Flink 2.3.0 ships changelog SQL operators and materialized tables
Flink 2.3.0 is a substantial SQL release, adding changelog conversion operators and pushing materialized tables forward — a meaningful step beyond the 2.1.3 bugfix that shipped two weeks ago.
└─Apache Flink
Jun 2026
Jun 2026·cat news/20260621-streaming-confluent-platform-82-queues-mcp
cat news/20260621-streaming-confluent-platform-82-queues-mcp
Confluent Platform 8.2 ships Queues for Kafka and a managed MCP server
Confluent Platform 8.2 brings GA Queues for Kafka and Flink SQL, and adds a managed MCP server for Apache Kafka to the platform.
└─Confluent Blog
Jun 14
Jun 14·cat news/20260614-streaming-apache-flink-213-bugfix
cat news/20260614-streaming-apache-flink-213-bugfix
Apache Flink 2.1.3 patches five bugs and vulnerability fixes
The Flink community shipped the third bug-fix release of the 2.1 series, covering five bugs, vulnerability fixes, and minor improvements.
└─Apache Flink Blog
────────────────────────────────────────────────────────────
Jul 15
Jul 15·cat news/20260715-models-inkling-open-weight
cat news/20260715-models-inkling-open-weight
Thinking Machines drops Inkling, its first model — and the weights are open
Mira Murati's lab released Inkling, a 975B-parameter mixture-of-experts model with open weights, built from scratch in under nine months.
└─TechCrunch
Jul 9
Jul 9·cat news/20260709-models-gpt56-sol-terra-luna-pub
cat news/20260709-models-gpt56-sol-terra-luna-pub
GPT-5.6 goes public after U.S. Commerce clearance
OpenAI's three-model GPT-5.6 family went public July 9 after US Department of Commerce approval: Sol tuned for science and cybersecurity, Terra matching GPT-5.5 at half the cost, Luna as the lightweight option.
└─Nextgov
Jul 8
Jul 8·cat news/20260708-models-openai-gpt-live-1-voice
cat news/20260708-models-openai-gpt-live-1-voice
OpenAI Releases GPT-Live-1 and GPT-Live-1 Mini — Full-Duplex Voice Models Now in ChatGPT
OpenAI ships two dedicated voice models that can listen and speak at the same time, replacing the current Advanced Voice Mode and landing in the API.
└─OpenAI
Jul 8
Jul 8·cat news/20260708-models-openai-devday-2026-deadline
cat news/20260708-models-openai-devday-2026-deadline
OpenAI DevDay 2026 Application Deadline Is July 10
OpenAI set July 10 as the cut-off to apply for DevDay 2026, giving interested developers two days to get their submissions in.
└─Digg / OpenAI
Jun 5
Jun 5·cat news/20260605-llms-claude-opus-41-deprecation-dead
cat news/20260605-llms-claude-opus-41-deprecation-dead
Claude Opus 4.1 Deprecated — August 5 Retirement
claude-opus-4-1-20250805 entered deprecated status on June 5 and retires August 5, 2026, with claude-opus-4-8 as the replacement.
└─Anthropic Platform Docs
Jul 9
Jul 9·cat news/20260709-llms-anthropic-claude-reflect-dash
cat news/20260709-llms-anthropic-claude-reflect-dash
Anthropic introduces Reflect — a dashboard to track how you use Claude
Anthropic launched Reflect, a beta analytics dashboard inside Claude that shows usage patterns, topic breakdowns, and AI habit insights for Free, Pro, and Max users with memory enabled.
└─Anthropic / TechCrunch
Jul 9
Jul 9·cat news/20260709-llms-anthropic-hard-questions-qa
cat news/20260709-llms-anthropic-hard-questions-qa
Anthropic asks the public for their hardest AI questions, commits to answering transparently
Anthropic launched a public Q&A initiative soliciting the most difficult questions about AI safety, promising substantive and transparent answers rather than polished non-answers.
└─Anthropic
Jul 8
Jul 8·cat news/20260708-llms-fable5-billing-now-active
cat news/20260708-llms-fable5-billing-now-active
Fable 5 Per-Token Billing Is Now Live
Anthropic's Fable 5 per-token billing activated today, July 8, completing the transition away from subscription inclusion.
└─Anthropic
Jul 7
Jul 7·cat news/20260707-llms-chinese-models-us-share
cat news/20260707-llms-chinese-models-us-share
US Developers Keep Reaching for Cheaper Chinese Models
Cost pressure is quietly pulling US developers toward cheaper Chinese models, even as export controls dominate the policy headlines.
└─Industry analysis
Jun 16
Jun 16·cat news/20260616-llms-claude-mythos-preview-retire-june30
cat news/20260616-llms-claude-mythos-preview-retire-june30
Claude Mythos Preview Retires June 30
The claude-mythos-preview model endpoint will stop accepting requests on June 30, with claude-mythos-5 as the migration target.
└─Anthropic Platform Docs
Jun 15
Jun 15·cat news/20260615-llms-claude-sonnet4-opus4-retired
cat news/20260615-llms-claude-sonnet4-opus4-retired
Claude Sonnet 4 and Opus 4 Original Builds Fully Retired from the API
As of June 15, claude-sonnet-4-20250514 and claude-opus-4-20250514 no longer accept API requests — the retirement date arrived and both are gone.
└─Anthropic Platform Docs
Jun 15
Jun 15·cat news/20260615-llms-claude-sonnet4-opus4-eol
cat news/20260615-llms-claude-sonnet4-opus4-eol
Claude Sonnet 4 and Opus 4 Retire June 15
Anthropic is retiring Claude Sonnet 4 and Opus 4 on June 15, requiring API callers to migrate to current model versions before that date.
└─Anthropic Docs
Jun 1
Jun 1·cat news/20260601-llms-anthropic-prog-billing-june15
cat news/20260601-llms-anthropic-prog-billing-june15
Anthropic splits programmatic Claude usage into a separate credit pool starting June 15
Claude programmatic usage — CI runs, Agent SDK automation, GitHub Actions, third-party agent frameworks — moves to a dedicated monthly credit pool on June 15, separate from interactive usage.
└─devtoolpicks.com
Jul 28
Jul 28·cat news/20260728-mcp-spec-rc-stateless-final
cat news/20260728-mcp-spec-rc-stateless-final
MCP 2026-07-28 Specification Goes Final — Sessions Removed, OAuth Hardened
The Model Context Protocol's largest revision since launch publishes its final spec on July 28, dropping stateful sessions entirely and adding MCP Apps, Tasks, and OAuth 2.0/OpenID Connect alignment.
└─Model Context Protocol Blog
May 12
May 12·cat news/20260512-mcp-figma-mcp-server-launch
cat news/20260512-mcp-figma-mcp-server-launch
Figma Launches Official MCP Server for Bidirectional Code-Design Workflows
Figma released an official MCP server enabling AI agents to translate code into Figma designs, modify design systems, and convert designs back to code via the open MCP standard.
└─Figma Help Center
May 5
May 5·cat news/20260505-mcp-jama-connect-mcp-server
cat news/20260505-mcp-jama-connect-mcp-server
Jama Software Launches MCP Server for Jama Connect, Enabling AI Coding Assistants to Access Requirements Traceability
Jama Software has released an MCP Server for Jama Connect, letting AI coding tools such as Claude, Codex, Cursor, and GitHub Copilot query and navigate requirements traceability data while respecting existing permissions and audit workflows.
└─IT Business Net
Jul 1
Jul 1·cat news/20260701-agents-gemini-spark-mac
cat news/20260701-agents-gemini-spark-mac
Gemini Spark reaches the Mac with local file access
Google's agentic Gemini Spark assistant arrives in the macOS app, able to work with local files and connected apps for Ultra subscribers.
└─TechCrunch
Jun 23
Jun 23·cat news/20260622-agents-openai-patch-the-planet
cat news/20260622-agents-openai-patch-the-planet
OpenAI Launches 'Patch the Planet' Open-Source Vulnerability Initiative
OpenAI, Trail of Bits, HackerOne, and Calif jointly launched Patch the Planet, an effort to find and fix vulnerabilities in widely used open-source software.
└─OpenAI
Jun 18
Jun 18·cat news/20260618-agents-hf-agentic-bench-open-mo
cat news/20260618-agents-hf-agentic-bench-open-mo
Hugging Face Publishes Benchmark Guide for Open Models on Real Agentic Tooling
A new Hugging Face blog post walks through evaluating open-weight models against your own tool definitions rather than canned benchmarks.
└─Hugging Face Blog
Jun 18
Jun 18·cat news/20260618-agents-mosaicleaks-research-agent
cat news/20260618-agents-mosaicleaks-research-agent
MosaicLeaks: Benchmarking Whether Research Agents Leak Confidential Information
ServiceNow published a benchmark via the Hugging Face blog testing whether research agents inadvertently surface information they were told to keep confidential.
└─Hugging Face Blog
Jun 18
Jun 18·cat news/20260618-frameworks-hf-beyond-lora-peft-co
cat news/20260618-frameworks-hf-beyond-lora-peft-co
Hugging Face Compares LoRA Alternatives Across PEFT Fine-Tuning Methods
A Hugging Face guide benchmarks several PEFT fine-tuning techniques against LoRA, the de-facto default, to see whether newer methods actually improve on it.
└─Hugging Face Blog
May 20
May 20·cat news/20260520-frameworks-google-ai-studio-io26
cat news/20260520-frameworks-google-ai-studio-io26
Google AI Studio Gains Native Kotlin Support, Workspace Integrations, and Cloud Run Export
Google expanded AI Studio at I/O 2026 with native Kotlin support, Google Workspace integrations, one-click Cloud Run deployment, and direct export to Antigravity.
└─Google Developers Blog
May 19
May 19·cat news/20260519-frameworks-autogpt-cve-33233-rce
cat news/20260519-frameworks-autogpt-cve-33233-rce
AutoGPT Unsafe Pickle Deserialization Enables Arbitrary Code Execution (CVE-2026-33233)
A CVSS 7.6 vulnerability in AutoGPT allows remote code execution through unsafe pickle deserialization.
└─CVE Records
May 19
May 19·cat news/20260519-frameworks-autogpt-cve-33232-dos
cat news/20260519-frameworks-autogpt-cve-33232-dos
AutoGPT Unauthenticated DoS via Disk Space Exhaustion (CVE-2026-33232)
CVE-2026-33232 allows an unauthenticated attacker to exhaust disk space on AutoGPT instances, rated CVSS 7.5.
└─CVE Records
────────────────────────────────────────────────────────────
Jul 6
Jul 6·cat news/20260706-cloud-bedrock-agents-classic-retirement
cat news/20260706-cloud-bedrock-agents-classic-retirement
Amazon Bedrock Agents Classic Closes to New Customers July 30
The original Bedrock Agents experience (launched November 2023) stops accepting new customers on July 30, 2026 — existing users should migrate to the current Bedrock Agents before access is cut.
└─AWS Blog
Jul 15
Jul 15·cat news/20260715-cloud-workers-kv-legacy-api
cat news/20260715-cloud-workers-kv-legacy-api
Cloudflare's legacy Workers KV API routes are on the clock — migrate before October 15
Cloudflare deprecated the old /workers/namespaces/ KV API routes on July 15; they stop working October 15, and the fix is a one-line path swap.
└─Cloudflare
Jul 6
Jul 6·cat news/20260706-cloud-aws-evs-vcf9-support
cat news/20260706-cloud-aws-evs-vcf9-support
Amazon EVS Now Supports VMware Cloud Foundation 9.0 and 9.1
Amazon Elastic VMware Service extended its VCF support to include both 9.0 and the freshly released 9.1, giving operators full installation and lifecycle control on AWS infrastructure.
└─AWS What's New
Jul 6
Jul 6·cat news/20260706-cloud-aws-workspaces-ai-agents-ga
cat news/20260706-cloud-aws-workspaces-ai-agents-ga
Amazon WorkSpaces for AI Agents Goes GA
AI agents can now operate full desktop applications through managed WorkSpaces environments without custom integrations or app modernization.
└─AWS Blog
Jul 6
Jul 6·cat news/20260706-cloud-acm-acme-protocol-support
cat news/20260706-cloud-acm-acme-protocol-support
AWS Certificate Manager Now Supports the ACME Protocol
ACM can now issue and renew public TLS certificates using standard ACME tooling like certbot, removing the need for AWS-specific certificate automation scripts.
└─AWS Blog
Jun 8
Jun 8·cat news/20260608-cloud-aks-flatcar-retires-today
cat news/20260608-cloud-aks-flatcar-retires-today
AKS Flatcar Container Linux Preview Retires Today — No In-Place Migration Available
AKS drops Flatcar Container Linux support today, blocking new node pool creation and cutting off security patches, with a hard code-removal deadline on September 8.
└─Microsoft / Azure AKS
Jun 12
Jun 12·cat news/20260612-cloud-aws-copilot-cli-eol
cat news/20260612-cloud-aws-copilot-cli-eol
AWS Copilot CLI Reaches End of Support June 12, 2026
AWS is ending support for the Copilot CLI on June 12, retiring the container-focused deployment tool in favor of the AWS CDK and ECS native tooling.
└─AWS
May 17
May 17·cat news/20260517-cloud-cisco-sdwan-cve-2026-20182
cat news/20260517-cloud-cisco-sdwan-cve-2026-20182
CISA Mandates Federal Patch for Critical Cisco Catalyst SD-WAN Auth Bypass CVE-2026-20182
CISA has ordered federal agencies to patch a CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN Controller and Manager by May 17, 2026, following confirmed active exploitation.
└─BleepingComputer
May 12
May 12·cat news/20260512-cloud-cisa-kev-cve-2026-32202
cat news/20260512-cloud-cisa-kev-cve-2026-32202
CISA KEV Patch Deadline Arrives for Windows Shell Spoofing CVE-2026-32202
The FCEB mandatory patching deadline for CVE-2026-32202, a zero-click Windows Shell spoofing vulnerability actively exploited by APT28, falls today, May 12, 2026.
└─CISA / The Hacker News
May 9
May 9·cat news/20260509-cloud-cisa-pan-os-0300-deadline
cat news/20260509-cloud-cisa-pan-os-0300-deadline
CISA May 9 Deadline Forces PAN-OS CVE-2026-0300 Mitigations Ahead of Planned May 13 Patch
CISA's May 9 enforcement deadline for federal agencies to mitigate the actively exploited PAN-OS root-level RCE (CVE-2026-0300) arrives while Palo Alto's patch remains four days away.
└─The Hacker News
Jun 30
Jun 30·cat news/20260630-cicd-opentofu-110-oci-s3-otel
cat news/20260630-cicd-opentofu-110-oci-s3-otel
OpenTofu 1.10 Ships OCI Registry Support, Native S3 State Locking, and Experimental OTel Tracing
OpenTofu 1.10 lands OCI registry support for modules and providers, S3-native state locking without a DynamoDB table, and opt-in OpenTelemetry tracing — the most infrastructure-facing release the fork has shipped.
└─OpenTofu Blog
Jun 29
Jun 29·cat news/20260629-cicd-gh-actions-runner-min-vers
cat news/20260629-cicd-gh-actions-runner-min-vers
GitHub Actions Self-Hosted Runner Minimum Version Enforcement Starts June 29
GitHub resumes minimum version enforcement for self-hosted runners on June 29 with brownout windows, escalating to full enforcement July 31.
└─GitHub Changelog
Jun 25
Jun 25·cat news/20260625-cicd-gh-actions-parallel-steps
cat news/20260625-cicd-gh-actions-parallel-steps
Actions steps can now be run in parallel
GitHub Actions gains native parallel step execution via a new `background: true` keyword, plus `wait` and `wait-all` primitives to synchronize.
└─GitHub Changelog
Jun 12
Jun 12·cat news/20260608-cicd-aws-copilot-cli-eol-jun
cat news/20260608-cicd-aws-copilot-cli-eol-jun
AWS Copilot CLI Reaches End of Support on June 12
AWS is ending official support for Copilot CLI on June 12, leaving ECS teams four days to confirm a migration path.
└─AWS News Blog
Jun 7
Jun 7·cat news/20260607-cicd-gh-actions-win-migration-start
cat news/20260607-cicd-gh-actions-win-migration-start
GitHub Actions Windows Image Migration to Visual Studio 2026 Begins June 8
The windows-latest and windows-2025 label migration to Visual Studio 2026 starts June 8 and completes by June 15, with macOS 26 following on June 15.
└─GitHub Changelog
May 8
May 8·cat news/20260508-cicd-github-agentic-wf-sec
cat news/20260508-cicd-github-agentic-wf-sec
GitHub Details Defense-in-Depth Security Architecture for Agentic CI/CD Workflows
GitHub published a comprehensive security model for agentic workflows, covering sandboxed execution, credential isolation, and full traceability across trust boundaries.
└─InfoQ
Jul 1
Jul 1·cat news/20260701-k8s-cncf-k8s-137-code-freeze-jul22
cat news/20260701-k8s-cncf-k8s-137-code-freeze-jul22
Kubernetes v1.37 Code Freeze Set for July 22-23, GA Targeting August 26
The v1.37 release cycle hits code freeze and test freeze the week of July 22, with a feature blog freeze coming sooner on July 9-10 and general availability targeting August 26.
└─kubernetes.dev
Jun 14
Jun 14·cat news/20260614-k8s-cncf-k8s-133-eol-jun28
cat news/20260614-k8s-cncf-k8s-133-eol-jun28
Kubernetes 1.33 Reaches End of Life on June 28
Kubernetes 1.33 hits EOL in two weeks — clusters still on it will receive no further patches after June 28.
└─Kubernetes
Jun 18
Jun 18·cat news/20260618-k8s-cncf-cncf-china-confere
cat news/20260618-k8s-cncf-cncf-china-confere
KubeCon, OpenInfra Summit, and PyTorch Conference to Co-Locate in China
CNCF, the OpenInfra Foundation, and the PyTorch Foundation announced they will merge their flagship conferences into a single co-located event in China.
└─CNCF
Jun 18
Jun 18·cat news/20260604-k8s-cncf-kubecon-india-2026
cat news/20260604-k8s-cncf-kubecon-india-2026
KubeCon + CloudNativeCon India 2026 Confirmed for June 18-19 in Mumbai
CNCF has locked in Mumbai for its inaugural India-focused KubeCon + CloudNativeCon, running June 18-19.
└─CNCF
Jun 10
Jun 10·cat news/20260610-k8s-cncf-k8s-137-prod-ready-frz
cat news/20260610-k8s-cncf-k8s-137-prod-ready-frz
Kubernetes v1.37 Production Readiness Freeze Lands June 10
The v1.37 release cycle hit Production Readiness Freeze on June 10, signalling that the window to land new enhancements is closing ahead of the August 26 release.
└─kubernetes.dev
────────────────────────────────────────────────────────────
Jul 14
Jul 14·cat news/20260714-platform-security-record-patch-tuesday
cat news/20260714-platform-security-record-patch-tuesday
The biggest Patch Tuesday ever lands with two zero-days already exploited
Microsoft shipped fixes for a record ~570 flaws on Tuesday, and two of the three zero-days in the batch are already being used in the wild.
└─BleepingComputer
Jul 4
Jul 4·cat news/20260704-platsec-fable5-bounty-jailbreak-fw
cat news/20260704-platsec-fable5-bounty-jailbreak-fw
Anthropic Launches Fable 5 Bug Bounty and AI Jailbreak Severity Framework
Anthropic opened a HackerOne bug bounty for Fable 5 jailbreaks and published a draft AI Jailbreak Severity Framework co-developed with AWS, Microsoft, and Google.
└─Anthropic
Jul 1
Jul 1·cat news/20260701-platsec-jamf-beacon-ai-governance
cat news/20260701-platsec-jamf-beacon-ai-governance
Jamf's Beacon brings dedicated threat hunting to enterprise Macs
Jamf made Beacon, a macOS-focused threat hunting service staffed by its Threat Labs team, generally available for enterprise Mac fleets.
└─9to5Mac
Jul 1
Jul 1·cat news/20260701-platform-sec-gh-secret-scan-pub-mon
cat news/20260701-platform-sec-gh-secret-scan-pub-mon
GitHub Secret Scanning Now Monitors Public github.com Surface for Enterprise Secrets
GitHub's secret scanning public monitoring entered preview on July 1, scanning all public git content, PR comments, and issues in real time and attributing found secrets back to the owning enterprise.
└─GitHub Blog
Jun 29
Jun 29·cat news/20260629-platform-security-gh-actions-runner-min-ver
cat news/20260629-platform-security-gh-actions-runner-min-ver
GitHub Actions Begins Brownouts June 29 for Self-Hosted Runners Below Minimum Version
GitHub resumes enforcement of minimum runner version requirements starting June 29, with brownouts from 11 AM–3 PM ET on github.com and full enforcement across GitHub Enterprise Cloud by July 31.
└─GitHub Changelog
May 12
May 12·cat news/20260512-platform-security-cve-2026-32202-cisa-kev
cat news/20260512-platform-security-cve-2026-32202-cisa-kev
CISA KEV Deadline: Federal Agencies Must Patch Windows Shell CVE-2026-32202 by May 12
CISA's May 12 patching deadline for CVE-2026-32202 — an APT28-exploited Windows Shell spoofing flaw enabling zero-click NTLMv2 hash theft — arrives today, requiring the April 2026 cumulative update KB5083769.
└─CISA / The Hacker News
Jul 14
Jul 14·cat news/20260714-cves-sharepoint-kev-cve-2026-56164
cat news/20260714-cves-sharepoint-kev-cve-2026-56164
A third SharePoint zero-day is under attack, and CISA wants on-prem admins to harden now
CISA added the newly patched SharePoint bug to its known-exploited catalog and told on-prem admins to harden fast, as attackers chain three flaws to steal server keys and dig in.
└─CISA
Jul 12
Jul 12·cat news/20260712-cves-node-tar-7518-parser-dos
cat news/20260712-cves-node-tar-7518-parser-dos
node-tar 7.5.18 patches an 8.7-severity infinite-loop DoS
A malformed tar header with a negative entry size can wedge tar.replace in an infinite loop; the fix shipped Sunday in 7.5.18 alongside two lesser parser bugs.
└─GitHub (isaacs/node-tar)
Jul 11
Jul 11·cat news/20260711-cves-imagemagick-viff-leak
cat news/20260711-cves-imagemagick-viff-leak
ImageMagick patches a VIFF-encoder memory leak
Feed ImageMagick a crafted VIFF image and it leaks memory until it topples — fixed in 7.1.2-26, and low-severity for good reason.
└─NVD
Jul 7
Jul 7·cat news/20260707-cves-cisa-kev-langflow-joomla-trio
cat news/20260707-cves-cisa-kev-langflow-joomla-trio
CISA KEV Adds Langflow Auth Bypass and Two Joomla Extension Vulnerabilities
CISA added CVE-2026-55255 (Langflow authorization bypass), CVE-2026-48908 (JoomShaper SP Page Builder unrestricted file upload), and CVE-2026-56290 (Joomlack Page Builder access control flaw) to the Known Exploited Vulnerabilities catalog on July 7.
└─CISA
Jul 4
Jul 4·cat news/20260704-cves-sharepoint-rce-cve-2026-45659
cat news/20260704-cves-sharepoint-rce-cve-2026-45659
Patch by July 4: SharePoint RCE CVE-2026-45659 Under Active Exploitation
CISA added CVE-2026-45659 — a CVSS 8.8 SharePoint Server deserialization RCE exploitable by any authenticated Site Member — to the KEV catalog on July 1, with FCEB agencies required to patch by July 4.
└─The Hacker News
Jun 26
Jun 26·cat news/20260626-cves-unifi-os-cisa-kev-deadline
cat news/20260626-cves-unifi-os-cisa-kev-deadline
CISA KEV Patch Deadline Today for Three Ubiquiti UniFi OS CVEs
FCEB agencies hit their June 26 patch deadline today for CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 — path traversal and command injection bugs in Ubiquiti UniFi OS that CISA added to KEV on June 23.
└─CISA
Jun 21
Jun 21·cat news/20260621-cves-splunk-cve2026-20253-kev
cat news/20260621-cves-splunk-cve2026-20253-kev
CISA KEV Deadline Passes for Splunk Enterprise Unauthenticated File Truncation Bug
Federal agencies hit their June 21 remediation deadline for CVE-2026-20253, a missing-authentication flaw in Splunk Enterprise that lets unauthenticated attackers create or truncate files via a PostgreSQL sidecar endpoint.
└─CISA
Jun 18
Jun 18·cat news/20260618-cves-cisa-kev-joomla-cve-2026-20253
cat news/20260618-cves-cisa-kev-joomla-cve-2026-20253
CISA Adds Actively Exploited Joomla Widget Factory Flaw to KEV Catalog
CISA confirmed active exploitation of CVE-2026-20253 in the Widget Factory Joomla Content Editor, adding it to the Known Exploited Vulnerabilities catalog with a federal remediation deadline of June 21.
└─CISA
Jun 12
Jun 12·cat news/20260612-cves-advisories-ivanti-sentry-kev-rce
cat news/20260612-cves-advisories-ivanti-sentry-kev-rce
CISA Adds Ivanti Sentry OS Command Injection to KEV — Unauthenticated Root RCE
CISA added a critical Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog on June 12, enabling unauthenticated remote attackers to execute commands as root.
└─CISA KEV Catalog
Jun 12
Jun 12·cat news/20260612-cves-advisories-ikev1-vpn-cve-2026-50751
cat news/20260612-cves-advisories-ikev1-vpn-cve-2026-50751
Check Point Confirms Active Exploitation of IKEv1 VPN Flaw CVE-2026-50751, Dutch NCSC Warns of Large-Scale Abuse
CVE-2026-50751, an IKEv1 VPN vulnerability confirmed as actively exploited by Check Point, drew a Dutch NCSC warning about imminent large-scale attacks and a CISA KEV deadline.
└─CISA KEV Catalog
Jun 9
Jun 9·cat news/20260609-cves-advisories-cisco-sdwan-mgr-kev
cat news/20260609-cves-advisories-cisco-sdwan-mgr-kev
CISA Adds Cisco Catalyst SD-WAN Manager to KEV With June 23 Deadline — Still No Patch
CISA formally listed CVE-2026-20245 in its Known Exploited Vulnerabilities catalog on June 9, giving federal agencies until June 23 to remediate — even though Cisco has yet to ship a fix.
└─CISA
Jun 9
Jun 9·cat news/20260609-cves-advisories-arista-eos-cve-2026-7473
cat news/20260609-cves-advisories-arista-eos-cve-2026-7473
Arista EOS CVE-2026-7473 Added to CISA KEV — Action Due June 23
CISA added CVE-2026-7473, an incomplete comparison flaw in Arista Extensible Operating System, to the Known Exploited Vulnerabilities catalog on June 9 with a remediation deadline of June 23, 2026.
└─CISA
May 20
May 20·cat news/20260603-cves-advisories-defender-kev-june3-deadl
cat news/20260603-cves-advisories-defender-kev-june3-deadl
CISA Sets June 3 Deadline for Two Exploited Microsoft Defender Zero-Days
CVE-2026-41091 lets a local attacker escalate to SYSTEM through Defender's Malware Protection Engine, while CVE-2026-45498 kills definition updates — patched together, federal deadline June 3.
└─WinBuzzer / The Hacker News
May 21
May 21·cat news/20260521-cves-advisories-cisa-kev-langflow-trendmicro
cat news/20260521-cves-advisories-cisa-kev-langflow-trendmicro
CISA Adds Langflow and Trend Micro Apex One to KEV Catalog
CISA flagged CVE-2025-34291 (Langflow origin validation error) and CVE-2026-34926 (Trend Micro Apex One directory traversal) as actively exploited, requiring federal agencies to patch under BOD 22-01.
└─CISA
May 20
May 20·cat news/20260520-cves-advisories-cisa-kev-may20-seven-cves
cat news/20260520-cves-advisories-cisa-kev-may20-seven-cves
CISA KEV Adds Seven CVEs Including Two 2026 Microsoft Defender Flaws and Five Legacy Exploits
Seven vulnerabilities joined the KEV catalog on May 20, mixing two fresh Microsoft Defender CVEs with five bugs from 2008-2010 that are, apparently, still being weaponized.
└─CISA
May 17
May 17·cat news/20260517-cves-advisories-cisco-sdwan-cve-2026-20182
cat news/20260517-cves-advisories-cisco-sdwan-cve-2026-20182
CISA Orders Federal Agencies to Patch Cisco Catalyst SD-WAN Auth Bypass CVE-2026-20182 by May 17
A CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN is being actively exploited in the wild, with CISA mandating federal agency remediation by May 17, 2026 and no complete workaround available short of upgrading.
└─BleepingComputer
May 10
May 10·cat news/20260510-cves-advisories-ivanti-epmm-cisa
cat news/20260510-cves-advisories-ivanti-epmm-cisa
CISA May 10 Deadline Passes for Ivanti EPMM Remote Code Execution Flaw
CISA's May 10 remediation deadline for an Ivanti Endpoint Manager Mobile improper-input-validation bug enabling authenticated-admin RCE has now lapsed, increasing exposure for federal and enterprise deployments.
└─CISA
May 10
May 10·cat news/20260510-cves-advisories-ivanti-epmm-cve6973
cat news/20260510-cves-advisories-ivanti-epmm-cve6973
CISA Adds Ivanti EPMM CVE-2026-6973 to KEV; Federal Patch Deadline Is Today
Ivanti Endpoint Manager Mobile carries a CVSS 7.2 RCE flaw under active exploitation, and CISA ordered Federal Civilian Executive Branch agencies to apply patches by May 10, 2026.
└─The Hacker News
May 9
May 9·cat news/20260509-cves-advisories-cve-2026-0300-deadline
cat news/20260509-cves-advisories-cve-2026-0300-deadline
CISA Deadline Passes for PAN-OS CVE-2026-0300 as Patches Remain Unavailable Until May 13
The CISA May 9 remediation deadline for the actively exploited Palo Alto PAN-OS root-level RCE (CVE-2026-0300) has arrived with official patches still not available, requiring agencies to apply interim mitigations immediately.
└─The Hacker News
Jul 8
Jul 8·cat news/20260708-supply-chain-injective-sdk-backdoor
cat news/20260708-supply-chain-injective-sdk-backdoor
Injective SDK Backdoored via Compromised Developer Account to Steal Wallet Keys
Attackers gained access to a trusted developer's account and inserted a backdoor into the Injective blockchain SDK, targeting cryptocurrency wallet keys and seed phrases.
└─CySecurity News
Jul 8
Jul 8·cat news/20260708-supply-chain-npm-v12-install-script
cat news/20260708-supply-chain-npm-v12-install-script
npm v12 Ships This Month, Blocking Install Scripts by Default
npm v12, arriving July 2026, blocks install scripts, Git dependencies, and remote sources by default — a breaking change driven by a year of North Korean supply chain attacks on the ecosystem.
└─Cybernews
Jul 1
Jul 1·cat news/20260701-supply-chain-mini-shai-hulud-170pkgs
cat news/20260701-supply-chain-mini-shai-hulud-170pkgs
Mini Shai-Hulud Expands to 170+ Packages as Worm-Style Propagation Confirmed
The fourth wave of the TeamPCP supply chain campaign now affects 170+ npm and PyPI packages, with fresh reporting confirming the malware harvests credentials post-install and uses them to poison other packages the victim controls.
└─SecurityWeek
Jun 23
Jun 23·cat news/20260623-supply-chain-openai-patch-the-planet
cat news/20260623-supply-chain-openai-patch-the-planet
OpenAI Launches Patch the Planet and Daybreak Cyber Partner Program
OpenAI moved GPT-5.5-Cyber to general release for verified defenders and launched Patch the Planet, a structured program with Trail of Bits, HackerOne, and others to find and fix vulnerabilities in widely used open-source software.
└─OpenAI
────────────────────────────────────────────────────────────
Jul 13
Jul 13·cat news/20260713-ides-jetbrains-vsc-net-debug
cat news/20260713-ides-jetbrains-vsc-net-debug
JetBrains brings .NET debugging to VS Code-compatible editors
ReSharper and Rider's 2026.2 update finally drops a real debugger inside VS Code, Cursor, and the rest of the VS Code-compatible crowd.
└─JetBrains Blog
Jul 8
Jul 8·cat news/20260708-ides-vscode-june-bundle-copilot
cat news/20260708-ides-vscode-june-bundle-copilot
VS Code's June 2026 Copilot bundle ships 1M-context windows and parallel agent sessions
The full June 2026 VS Code Copilot release bundle lands with 1M-token context windows, side-by-side agent sessions, and per-session cost tracking.
└─GitHub Blog
Jul 8
Jul 8·cat news/20260708-ides-typescript-7-shipped-native
cat news/20260708-ides-typescript-7-shipped-native
TypeScript 7.0 Ships with Native Go Compiler, 10x Speed Gain
TypeScript 7.0 is now generally available, replacing the JS type-checker with a Go-based native compiler that delivers roughly 10x faster builds and dramatically lower language server latency.
└─Microsoft DevBlogs
Jul 7
Jul 7·cat news/20260707-ides-claude-code-2-1-202
cat news/20260707-ides-claude-code-2-1-202
Claude Code 2.1.202 Adds Dynamic Workflow Sizing and OpenTelemetry Attributes
Claude Code 2.1.202 ships a new dynamic workflow size control in /config and adds workflow.run_id and workflow.name to OpenTelemetry telemetry emitted by workflow-spawned agents.
└─Anthropic (GitHub)
Jun 30
Jun 30·cat news/20260630-ides-microsoft-ends-claude-code-lice
cat news/20260630-ides-microsoft-ends-claude-code-lice
Microsoft Phases Out Internal Claude Code Licenses by June 30
Microsoft is retiring Claude Code seats for Experiences & Devices engineers by June 30, consolidating those workflows onto GitHub Copilot CLI instead.
└─WinBuzzer
Jul 31
Jul 31·cat news/20260731-github-gitlab-actions-runner-min-ver
cat news/20260731-github-gitlab-actions-runner-min-ver
GitHub Actions Self-Hosted Runner Minimum Version Enforcement Begins July 31
Runners below the minimum version will stop receiving jobs on July 31 for GitHub Enterprise Cloud with Data Residency — thirty days to audit your fleet.
└─GitHub Changelog
Jul 1
Jul 1·cat news/20260730-github-gitlab-gh-models-retired
cat news/20260730-github-gitlab-gh-models-retired
GitHub Models shuts down July 30
GitHub is shutting down Models entirely on July 30, taking the playground, model catalog, inference API, and BYOK with it.
└─GitHub Blog Changelog
Jul 20
Jul 20·cat news/20260720-github-gitlab-code-quality-ga
cat news/20260720-github-gitlab-code-quality-ga
GitHub Code Quality goes paid on July 20
GitHub Code Quality exits public preview on July 20, priced at $10 per active committer per month, with additional usage-based charges for AI-powered capabilities.
└─GitHub Changelog
Jul 8
Jul 8·cat news/20260708-github-gitlab-gh-universe-jul9
cat news/20260708-github-gitlab-gh-universe-jul9
GitHub Universe 2026 Early Pricing Ends July 9
GitHub Universe returns to Fort Mason in San Francisco on October 28–29, and the early registration rate expires tomorrow, July 9.
└─GitHub Blog
Jul 1
Jul 1·cat news/20260701-github-gitlab-fable5-copilot-rein
cat news/20260701-github-gitlab-fable5-copilot-rein
Claude Fable 5 Returns to GitHub Copilot After Export Control Lift
Three weeks after the US Commerce Department's export restrictions forced a suspension, Claude Fable 5 is back in Copilot globally — this time with safety classifiers that block cybersecurity offense and dangerous biology requests.
└─Anthropic / GitHub Changelog
Jun 30
Jun 30·cat news/20260630-github-gitlab-claude-sonnet5-copilot
cat news/20260630-github-gitlab-claude-sonnet5-copilot
Claude Sonnet 5 Now Generally Available in GitHub Copilot
Anthropic's Sonnet 5 joins the Copilot model roster, giving developers a strong coding-focused option for both IDE completions and agentic workflows.
└─GitHub Changelog
Jun 12
Jun 12·cat news/20260629-github-gitlab-actions-runner-min-ver
cat news/20260629-github-gitlab-actions-runner-min-ver
GitHub Actions Self-Hosted Runner Version Enforcement Resumes June 29
GitHub is reinstating minimum-version enforcement for self-hosted runners, with a brownout window starting June 29 and full enforcement by July 31.
└─GitHub Changelog
Jun 25
Jun 25·cat news/20260625-github-gitlab-gh-actions-parall
cat news/20260625-github-gitlab-gh-actions-parall
Actions steps can now be run in parallel
GitHub Actions gains native parallel step execution via `background: true`, letting independent tasks like build, lint, and test overlap without matrix or multi-job workarounds.
└─GitHub Changelog
Jun 1
Jun 1·cat news/20260601-github-gitlab-copilot-actions-min-bill
cat news/20260601-github-gitlab-copilot-actions-min-bill
GitHub Copilot Code Review to Start Consuming GitHub Actions Minutes on June 1, 2026
Starting June 1, 2026, Copilot code review on private repositories will draw from GitHub Actions minutes under the new AI Credits billing model.
└─Microsoft Learn
Jul 1
Jul 1·cat news/20260701-build-tools-vite-811-812-patches
cat news/20260701-build-tools-vite-811-812-patches
Vite 8.1.1 and 8.1.2 Ship Back-to-Back Patch Fixes
Two patch releases landed for Vite 8.1 in quick succession, with 8.1.2 the current stable as of July 1.
└─vite.dev
Jun 15
Jun 15·cat news/20260615-build-tools-salesforce-summer26-agent-script
cat news/20260615-build-tools-salesforce-summer26-agent-script
Salesforce open-sources Agent Script toolchain as Summer '26 ships
Salesforce dropped the Agent Script toolchain — parser, linter, compiler, LSP, and editor integrations — under Apache 2.0 alongside the Summer '26 release, which also brings Agentforce Builder to GA.
└─Salesforce Developers Blog
Jun 8
Jun 8·cat news/20260608-build-tools-apple-wwdc-sdk-betas-intel
cat news/20260608-build-tools-apple-wwdc-sdk-betas-intel
Apple Drops Six-Platform SDK Betas and Updates Developer Program Terms at WWDC
Apple released SDK betas for all six platforms at WWDC alongside a revised Developer Program License Agreement covering new Apple Intelligence APIs.
└─Apple Developer
May 15
May 15·cat news/20260515-build-tools-msvc-preview-may-2026
cat news/20260515-build-tools-msvc-preview-may-2026
MSVC Build Tools Preview May 2026 Ships C++23 consteval Propagation and ARM64 Improvements
Microsoft's May 2026 MSVC build tools preview delivers C++23 consteval propagation (P2564R3), C++ modules fixes, ARM64 Neon and loop optimizations, and an AddressSanitizer heap-address caching speedup.
└─Microsoft C++ Team Blog
────────────────────────────────────────────────────────────
Jul 22
Jul 22·cat news/20260722-governance-eu-ai-act-july22-signatory
cat news/20260722-governance-eu-ai-act-july22-signatory
EU AI Act July 22 Signatory Deadline Precedes August 2 Enforcement — €15M Fines on the Line
AI companies have until July 22 at 18:00 CEST to sign the EU AI Office's Code of Practice and secure a presumption of regulatory conformity before Article 50 enforcement kicks in August 2.
└─TechTimes
Jul 16
Jul 16·cat news/20260716-governance-anthropic-state-ai-laws
cat news/20260716-governance-anthropic-state-ai-laws
Anthropic wants states competing to write the toughest AI-safety laws
Anthropic's state-policy team is urging states to one-up each other on AI-safety rules for frontier models, breaking with OpenAI's push for a single, lighter-touch federal standard.
└─The Hill
Jul 9
Jul 9·cat news/20260709-governance-bernanke-anthropic-ltbt
cat news/20260709-governance-bernanke-anthropic-ltbt
Ben Bernanke Appointed to Anthropic's Long-Term Benefit Trust
Former Federal Reserve chair Ben Bernanke joins the Anthropic Long-Term Benefit Trust, the internal governance body charged with holding the company to its safety mission.
└─Anthropic
Jul 4
Jul 4·cat news/20260704-governance-amodei-pentagon-statement-red
cat news/20260704-governance-amodei-pentagon-statement-red
Dario Amodei Publishes Statement on Pentagon Dispute as Court Emails Surface
Court documents unsealed July 2 reveal tense private emails between Amodei and a Pentagon under secretary, and Amodei's formal response publicly confirms two AI red lines for the first time.
└─Anthropic
Jul 2
Jul 2·cat news/20260702-governance-white-house-frontier-model-rules
cat news/20260702-governance-white-house-frontier-model-rules
Washington moves to gate frontier model releases
The US government is in advanced talks with OpenAI, Google, and Anthropic on a voluntary framework governing how new frontier models get released.
└─The Next Web
Jul 1
Jul 1·cat news/20260701-governance-eu-ai-act-omnibus-deferral
cat news/20260701-governance-eu-ai-act-omnibus-deferral
EU Digital Omnibus Pushes Annex III High-Risk AI Deadlines to 2027 and 2028
A provisional political agreement on the EU Digital Omnibus defers the most burdensome high-risk AI obligations — originally due August 2, 2026 — by over a year, while the August 2 transparency deadline under Article 50 remains in place.
└─Gibson Dunn
Jun 12
Jun 12·cat news/20260612-governance-fable-mythos-export-susp
cat news/20260612-governance-fable-mythos-export-susp
US Government Issues Export Control Directive Suspending Anthropic Fable 5 and Mythos 5 Worldwide
A US government directive invoking national security authorities forced Anthropic to shut off Claude Fable 5 and Mythos 5 globally — the first known use of export controls to pull a deployed commercial AI model.
└─Anthropic newsroom
Jun 1
Jun 1·cat news/20260601-governance-eu-ai-act-cop-labeling
cat news/20260601-governance-eu-ai-act-cop-labeling
EU AI Act Code of Practice on AI Content Labeling Due in June as August Enforcement Looms
The EU is publishing its voluntary Code of Practice for AI-generated content transparency this month, ahead of the full AI Act becoming enforceable on August 2, 2026.
└─EU Commission / artificialintelligenceact.eu
Jul 13
Jul 13·cat news/20260713-industry-anthropic-india-pricing
cat news/20260713-industry-anthropic-india-pricing
Anthropic localizes Claude pricing for India
Claude gets India-specific pricing as Anthropic leans into its largest market outside the US.
└─TechCrunch
Jul 7
Jul 7·cat news/20260707-industry-microsoft-4800-layoffs-xbox
cat news/20260707-industry-microsoft-4800-layoffs-xbox
Microsoft Cuts 4,800 Jobs, Axes One-Fifth of Xbox to Fund AI Push
Microsoft is eliminating roughly 4,800 roles — 2.1% of its global headcount — with Xbox absorbing 3,200 of those cuts as the company redirects capital toward AI infrastructure.
└─GeekWire
Jul 6
Jul 6·cat news/20260706-industry-microsoft-frontier-company-ops
cat news/20260706-industry-microsoft-frontier-company-ops
Microsoft Frontier Company Now Operational with $2.5B Commitment and 6,000 Engineers
Microsoft's Frontier Company — $2.5 billion, 6,000 forward-deployed engineers — is operational, arriving two days after AWS launched its own $1 billion forward engineering unit.
└─Tech news
Jul 6
Jul 6·cat news/20260706-industry-techcrunch-layoffs-tracker-h1
cat news/20260706-industry-techcrunch-layoffs-tracker-h1
Tech Accounts for Nearly a Third of US Job Cuts in H1 2026, AI Cited as Leading Driver
TechCrunch's running tracker puts 2026 tech layoffs at 185,894 workers across 267 events through July 6 — up 83% from H1 2025, with AI named as the single largest factor in announcements.
└─TechCrunch
Jun 16
Jun 16·cat news/20260616-industry-oracle-layoffs-jun15-passed
cat news/20260616-industry-oracle-layoffs-jun15-passed
Oracle's June 15 Separation Deadline Passes as 30,000-Person Layoff Completes Final Phase
The June 15 deadline for Oracle's mass separation of 30,000 employees has now passed, closing the announced restructuring cycle.
└─InformationWeek
Jul 1
Jul 1·cat news/20260701-hiring-roberthalf-h2-2026-tech-report
cat news/20260701-hiring-roberthalf-h2-2026-tech-report
78% of Tech Leaders Plan to Add Permanent Headcount in H2 2026, Robert Half Finds
Robert Half's H2 2026 hiring survey shows hiring intent at its highest point of the year — but skills shortages already derailed projects at 71% of organizations, and nearly half canceled work outright.
└─Robert Half
May 15
May 15·cat news/20260515-hiring-comptia-tech-jobs-three-year
cat news/20260515-hiring-comptia-tech-jobs-three-year
CompTIA: New Tech Job Postings Hit Three-Year High in April 2026
April 2026 saw 271,483 new tech job postings — the strongest year-over-year gain of 2026 and a three-year peak — signaling that the tech hiring market has moved from recovery into sustained expansion.
└─CompTIA / PR Newswire
May 11
May 11·cat news/20260511-hiring-fidelity-3300-new-hires-20
cat news/20260511-hiring-fidelity-3300-new-hires-20
Fidelity Plans 3,300 Net-New Hires in 2026, Half in Tech, Alongside Restructuring
Despite trimming 800 roles from its agile squad organization, Fidelity Investments is targeting 3,300 new hires this year — roughly half in technology and product — plus 2,000 early-career positions, making it one of the larger financial-services hiring programs announced so far in 2026.
└─Boston Globe
May 1
May 1·cat news/20260501-hiring-aws-11000-developers
cat news/20260501-hiring-aws-11000-developers
AWS Plans to Hire 11,000 Developers in 2026 Despite Industry-Wide Layoffs
AWS CEO Matt Garman announced a plan to bring on 11,000 developers this year, framing the hires as necessary for AI-driven cloud infrastructure while defending concurrent AI-led workforce reductions elsewhere.
└─Analytics Insight
May 4
May 4·cat news/20260504-career-gsoc-2026-contributors-welcome
cat news/20260504-career-gsoc-2026-contributors-welcome
Google Summer of Code 2026 Welcomes 1,141 Contributors; Coding Period Begins May 25
Google has selected 1,141 contributors across 184 mentoring organizations for GSoC 2026, with the official coding period opening May 25.
└─Google Open Source Blog
May 1
May 1·cat news/20260501-career-displaced-workers-landing
cat news/20260501-career-displaced-workers-landing
Displaced Tech Workers Finding Roles in Cloud, Security, and Mid-Market IT Leadership
Cloud migration, cybersecurity, and mid-market IT leadership are emerging as the primary landing zones for tech professionals displaced by 2026's wave of layoffs.
└─Kore1
────────────────────────────────────────────────────────────
Jul 9
Jul 9·cat news/20260709-design-systems-figma-make-gpt56
cat news/20260709-design-systems-figma-make-gpt56
GPT-5.6 Now Powers Initial Builds in Figma Make
Figma Make swapped in GPT-5.6 as its default model, with the goal of producing stronger first-pass builds before you touch a prompt.
└─Figma
Jul 9
Jul 9·cat news/20260709-design-systems-figma-ai-credit-api
cat news/20260709-design-systems-figma-ai-credit-api
Figma Adds AI Credit Usage API for Enterprise
Enterprise orgs can now pull AI credit consumption data programmatically, broken down by user, product, workspace, and team.
└─Figma
Jul 1
Jul 1·cat news/20260701-design-tools-figma-code-layers-ea
cat news/20260701-design-tools-figma-code-layers-ea
Figma Code Layers Early Access Opens in July
Code Layers — the most interesting piece of the Config bundle — has moved from waitlist to early access, letting teams clone a GitHub repo directly onto the Figma canvas and sync changes back to the codebase.
└─Figma Blog
Jun 18
Jun 18·cat news/20260618-design-systems-figma-agent-web-se
cat news/20260618-design-systems-figma-agent-web-se
Figma Design Agent Gains Live Web Search
The Figma design agent can now search the web mid-session, letting designers pull in live references, best practices, and real-world content without leaving the file.
└─Figma
Jul 1
Jul 1·cat news/20260701-css-edge-150-css-features
cat news/20260701-css-edge-150-css-features
Edge 150 Ships AccentColor, light-dark() Images, Comma @container, and text-fit
Microsoft Edge 150 lands four CSS features worth knowing: OS accent color tokens, image-aware light-dark(), comma-separated @container fallback queries, and text-fit for automatic font scaling.
└─Microsoft Learn
Jun 15
Jun 15·cat news/20260615-css-state-of-css-2026-survey-c
cat news/20260615-css-state-of-css-2026-survey-c
State of CSS 2026 Survey Closes June 15
The annual State of CSS survey wraps up tomorrow — if you haven't filed a response yet, this is the last call.
└─Devographics
May 20
May 20·cat news/20260520-css-html-in-canvas-api-google-io
cat news/20260520-css-html-in-canvas-api-google-io
Google I/O 2026: HTML-in-Canvas API Brings Accessible, Searchable 3D Web Experiences
Google announced the HTML-in-Canvas API at I/O 2026, enabling developers to render HTML content inside canvas elements for immersive 3D experiences that remain fully accessible and indexable.
└─Google Developers Blog
May 5
May 5·cat news/20260505-css-chrome-148-container-lazy
cat news/20260505-css-chrome-148-container-lazy
Chrome 148 Adds Name-Only Container Queries and Lazy Loading for Video and Audio
Chrome 148 ships two web-platform improvements: container queries that match by name without requiring container-type, and lazy loading support via loading="lazy" on video and audio elements.
└─Chrome Developers
May 1
May 1·cat news/20260501-css-w3c-css-snapshot-2026
cat news/20260501-css-w3c-css-snapshot-2026
W3C Publishes CSS Snapshot 2026
The W3C released CSS Snapshot 2026, the authoritative reference cataloguing which CSS specifications are stable and suitable for implementation.
└─W3C
Jul 2
Jul 2·cat news/20260702-accessibility-wcag-em-20-published
cat news/20260702-accessibility-wcag-em-20-published
W3C Publishes WCAG-EM 2.0 Evaluation Methodology
The W3C has published WCAG-EM 2.0 as a Group Note, updating the standard methodology for evaluating website conformance to WCAG 2.
└─W3C
Jun 4
Jun 4·cat news/20260604-accessibility-wordpress-a11y-ready-dead
cat news/20260604-accessibility-wordpress-a11y-ready-dead
WordPress Accessibility-Ready Tag Requires WCAG Compliance by June 30
Theme authors have until June 30 to update their themes to current WCAG standards or lose the accessibility-ready tag in the WordPress theme directory.
└─WordPress Accessibility Team
May 1
May 1·cat news/20260501-motion-svelte-motion-types-exported
cat news/20260501-motion-svelte-motion-types-exported
Svelte 5.55.0 Exports Motion Primitive Types from svelte/motion
Svelte 5.55.0 now exports TweenOptions, SpringOptions, EasingFunction, and related types directly from the svelte/motion module, making them available for typed consumer code.
└─Svelte Blog
May 1 → Jul 17all486 entries