The deprecation page lists exact model IDs being retired, replacement aliases, and the error behavior after June 15 — details that matter when hunting down hardcoded strings across a codebase.
The official release schedule page explains the new annual cadence and what happens to the LTS promotion model — worth reading before planning your upgrade path.
TeamPCP's latest Mini Shai-Hulud variant compromised 96 versions across 32 @redhat-cloud-services npm packages — the fifth time this actor has pulled the same playbook in six weeks, and their first confirmed pivot to GitHub Actions OIDC tokens instead of individual developer credentials.
Apple has announced that macOS 27 will be the last release to include Rosetta 2, after which Intel-only binaries will no longer run on Apple silicon Macs.
Xcode 26.5 ships as a stable release on May 13, bundling Swift 6.3, final iOS/iPadOS/tvOS/macOS/visionOS 26.5 SDKs, and coding assistant improvements including message queuing and clarifying questions.
The KotlinConf 2026 keynote landed Kotlin 2.4.0 in preview, pushed Kotlin/Wasm to Beta, introduced an 18-month security support policy for the standard library, and revealed JetBrains co-leading a new open Agent Client Protocol standard.
Google I/O 2026 delivered a stable Android CLI enabling agents to access Android Studio capabilities, open-sourced Android skills for Jetpack Compose migration, and announced a migration agent that converts React Native and iOS codebases to native Kotlin.
AndroidX published stable 1.11.2 bug-fix releases for Compose Animation, Foundation, Material, Runtime, and UI on May 19, alongside Navigation3 1.1.2 and a stable promotion for Savedstate 1.5.0.
CVE-2026-27648, CVE-2026-24792, and CVE-2026-25781 affect OpenHarmony v6.0, exposing Huawei and OpenHarmony-compatible devices to remote code execution and local denial-of-service.
React 19.0.7, 19.1.8, and 19.2.7 all shipped June 1 with a same-day fix for a FormData regression in Server Actions introduced by the previous patch on each branch.
WordPress 7.0 reached final release on May 20 after a cycle extension, but real-time collaboration was pulled from the milestone due to unresolved race conditions and memory concerns.
Google proposed WebMCP at Google I/O 2026 as an open web standard enabling browser-based AI agents to execute structured tool calls, with an experimental origin trial starting in Chrome 149.
Google previewed a new HTML-in-Canvas API at I/O 2026 that lets developers embed live HTML content inside WebGL/Canvas contexts, preserving accessibility and search indexability in immersive scenes.
Google announced at I/O 2026 that Chrome DevTools now supports AI agent automation, enabling programmatic quality audits and real-world user experience testing without manual interaction.
Firefox 151, released May 19, adds Web Serial API support, container style queries, document picture-in-picture, PDF merging in the built-in viewer, and enhanced fingerprinting protection.
Vercel's May security release now covers 13 advisories including CVE-2026-23870, a React Server Components denial-of-service vulnerability, with patched versions Next.js 15.5.18 and 16.2.6 available.
The Svelte May 2026 roundup brings SvelteKit TypeScript 6.0 compatibility, a new form-field default-value API, motion-type exports in Svelte 5.55, and the sv CLI's first stable community add-ons feature — alongside several breaking changes to query lifecycle.
Node.js 26 ships as the new Current release with Temporal API enabled by default, V8 14.6, and several breaking changes including removal of legacy stream modules and the writeHeader method.
A new GitHub API in public preview lets GitHub Apps directly query whether they are installed on a specific enterprise and retrieve the installation ID, eliminating the need to paginate all installations.
OpenAI released GPT-5.5 and GPT-5.5 Pro for API developers with a 1M-token context window, priced at $5/$30 and $30/$180 per million input/output tokens respectively.
JDK 27 review cycles opened for JEP 523 (G1 as universal default GC), JEP 534 (compact object headers default), JEP 537 (Vector API 12th incubator), and JEP 538 (new PEM encoding/decoding API).
Oracle's Inside Java Newscast #112 details post-quantum TLS support being added to the JDK, a major cryptographic hardening ahead of quantum computing threats.
GeeCon 2026 runs May 14-15 in Kraków with sessions on JDK 27 roadmap items including Structured Concurrency and what excites developers most about Java in 2026.
A New Stack overview of Python's 2026 roadmap highlights official free-threading support, lazy import machinery, and continued interpreter performance work as the main themes for the year.
dbt Labs unveiled the first alpha of dbt Core v2.0 at Snowflake Summit, the biggest version bump since the project launched, headlined by UDF-aware deferral.
Google's Managed Service for Apache Airflow began rolling out a release that adds resource tags for IAM policy conditions, a dark theme in the Cloud Console, and faster worker startup on package-heavy environments.
The Apache Flink community released version 1.15.0 of its Kubernetes Operator, adding Kubernetes-native status Conditions to FlinkDeployment and Flink 2.2 compatibility.
Confluent Cloud expanded its Metrics API with signals covering client throttling by principal, consumer group rebalance duration, connection attempt spikes, and compacted partition counts.
Neon now pitches itself as a complete backend for apps and agents — Postgres, Auth, and a Data API today, with object storage, compute, and an AI gateway flagged as coming — and shipped a batch of changelog fixes the same day.
A bug-fix stable patch lands on top of the 26.4 feature release, which added VALUES as a table expression, natural join, and compound INTERVAL literals.
Oracle Cloud Infrastructure GoldenGate is now generally available on Oracle Database@Google Cloud, enabling real-time data replication and transformation between systems.
Amazon's Quick AI assistant is now available in Free and Plus pricing tiers with a native desktop app for macOS and Windows, adding connectors for Google Workspace, Zoom, Airtable, Dropbox, and Microsoft Teams alongside visual asset generation.
Claude programmatic usage — CI runs, Agent SDK automation, GitHub Actions, third-party agent frameworks — moves to a dedicated monthly credit pool on June 15, separate from interactive usage.
Anthropic is in advanced discussions to raise as much as $50 billion at a pre-money valuation of roughly $900 billion, with a close expected within two months.
OpenAI released GPT-5.5 for API access with a 1 million token context window, priced at $5/1M input and $30/1M output, plus a higher-tier GPT-5.5-pro at $30/1M input and $180/1M output.
Anthropic's Series H puts it past OpenAI on valuation at $965B, bankrolled by Altimeter, Sequoia, and a $5B Amazon tranche, with annualized revenue already at $47B and a new frontier model called Mythos on deck.
Google released Android Bench as an open-source leaderboard at I/O 2026 to provide a standardized way to measure LLM performance on real-world Android development tasks.
JetBrains announced at KotlinConf 2026 that it is co-leading the Agent Client Protocol, an open standard defining how coding agents and IDEs exchange context, instructions, and results.
Google unveiled Antigravity 2.0 at I/O 2026, introducing a redesigned CLI for building specialized subagents and an SDK for deploying agent workflows on custom infrastructure.
Google introduced Managed Agents via the Gemini API at I/O 2026, providing infrastructure scaffolding that reduces the setup burden for teams deploying production AI agents.
Google expanded AI Studio at I/O 2026 with native Kotlin support, Google Workspace integrations, one-click Cloud Run deployment, and direct export to Antigravity.
Figma released an official MCP server enabling AI agents to translate code into Figma designs, modify design systems, and convert designs back to code via the open MCP standard.
Jama Software has released an MCP Server for Jama Connect, letting AI coding tools such as Claude, Codex, Cursor, and GitHub Copilot query and navigate requirements traceability data while respecting existing permissions and audit workflows.
Beta builds of the Cloudflare One client for macOS and Windows landed with a redesigned interface, and the Windows build can block all internet traffic from boot until the user authenticates.
Google issued security bulletin GCP-2026-034 for a server-side request forgery vulnerability in Apigee X that allows attackers to exfiltrate service account tokens through an unvalidated IntegrationRegion parameter.
Google shipped Guest Environment version 20260511.00 to repair a May 4–11 control plane error that accidentally removed the core plugin, disabling SSH access and password reset on affected instances.
CISA has ordered federal agencies to patch a CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN Controller and Manager by May 17, 2026, following confirmed active exploitation.
The FCEB mandatory patching deadline for CVE-2026-32202, a zero-click Windows Shell spoofing vulnerability actively exploited by APT28, falls today, May 12, 2026.
CISA's May 9 enforcement deadline for federal agencies to mitigate the actively exploited PAN-OS root-level RCE (CVE-2026-0300) arrives while Palo Alto's patch remains four days away.
Google Cloud Service Mesh now surfaces acceptance and rejection status codes for Istio API resources, letting operators see detailed error codes through resource and mesh state displays.
CNCF has published the full session schedule for KubeCon + CloudNativeCon Japan 2026, taking place July 29-30 at PACIFICO Yokohama, with registration open through June 16.
The CNCF TOC voted on May 7 to advance Microcks from Sandbox to Incubating status, recognizing its growth as a cloud-native API mocking and contract testing platform.
GitHub published a comprehensive security model for agentic workflows, covering sandboxed execution, credential isolation, and full traceability across trust boundaries.
TeamPCP's latest Mini Shai-Hulud variant compromised 96 versions across 32 @redhat-cloud-services npm packages — the fifth time this actor has pulled the same playbook in six weeks, and their first confirmed pivot to GitHub Actions OIDC tokens instead of individual developer credentials.
Three separate credential-stealing campaigns targeted npm, PyPI, and Docker Hub within the same 48-hour window — the Docker Hub incident involved a trojanized Trivy image and picked up CVE-2026-33634.
Among the OpenSSF Community Day North America roundup, the headline artifact is a 1.0.0 Python secure-coding guide developers can actually pin against.
Socket flagged a coordinated stealer across three package registries that also drops poisoned AI config files to turn your coding assistant against you.
CVE-2026-41091 lets a local attacker escalate to SYSTEM through Defender's Malware Protection Engine, while CVE-2026-45498 kills definition updates — patched together, federal deadline June 3.
CISA added three infrastructure CVEs to its Known Exploited Vulnerabilities catalog on May 27 — a Linux kernel local privilege escalation to root, an Ivanti EPMM authenticated RCE, and an unauthenticated out-of-bounds write in PAN-OS that also lands root.
CISA marked credential-stealing compromises in DAEMON Tools Lite, TanStack, and the Nx Console editor extension as actively exploited and added all three to its Known Exploited Vulnerabilities catalog.
Three days after disclosure, CISA added the maximum-severity LiteSpeed cPanel privilege-escalation flaw to its Known Exploited Vulnerabilities catalog with a federal patch deadline of May 29.
A critical SQL injection in Ghost's Content API, patched back in February, is being mass-exploited to steal admin API keys and inject ClickFix malware into more than 700 sites.
CISA flagged CVE-2025-34291 (Langflow origin validation error) and CVE-2026-34926 (Trend Micro Apex One directory traversal) as actively exploited, requiring federal agencies to patch under BOD 22-01.
Seven vulnerabilities joined the KEV catalog on May 20, mixing two fresh Microsoft Defender CVEs with five bugs from 2008-2010 that are, apparently, still being weaponized.
A CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN is being actively exploited in the wild, with CISA mandating federal agency remediation by May 17, 2026 and no complete workaround available short of upgrading.
CISA's May 10 remediation deadline for an Ivanti Endpoint Manager Mobile improper-input-validation bug enabling authenticated-admin RCE has now lapsed, increasing exposure for federal and enterprise deployments.
Ivanti Endpoint Manager Mobile carries a CVSS 7.2 RCE flaw under active exploitation, and CISA ordered Federal Civilian Executive Branch agencies to apply patches by May 10, 2026.
The CISA May 9 remediation deadline for the actively exploited Palo Alto PAN-OS root-level RCE (CVE-2026-0300) has arrived with official patches still not available, requiring agencies to apply interim mitigations immediately.
CISA's May 12 patching deadline for CVE-2026-32202 — an APT28-exploited Windows Shell spoofing flaw enabling zero-click NTLMv2 hash theft — arrives today, requiring the April 2026 cumulative update KB5083769.
GitHub announced a technical preview of a standalone Copilot desktop application that consolidates coding agents, pull requests, issues, and development sessions in one place.
GitHub added an adoption-phase classifier to the Copilot usage metrics API, bucketing each engaged developer by how they actually use the tool over a rolling 28-day window.
VS Code 1.122 lands air-gapped BYOK support for Ollama and other local models, a browser device emulator for responsive testing, and a preview Agents Window for managing multi-project agent sessions.
VS Code 1.121 ships built-in Mermaid diagram rendering in Markdown previews, native HTML file preview without extensions, and a preview of agent sessions running on remote machines over SSH or dev tunnels.
Google shipped a stable command-line interface for Android Studio at Google I/O 2026, enabling AI agents to programmatically access Android Studio capabilities.
Figma's May 1 desktop update lets users move between files without losing context, opens links in place rather than spawning new windows, and adds search over recently accessed work.
The EU is publishing its voluntary Code of Practice for AI-generated content transparency this month, ahead of the full AI Act becoming enforceable on August 2, 2026.
The US General Services Administration is headlining a government panel on open source policy and governance at the O'Reilly Open Source Conference in Austin on May 11, 2026.
The Open Source Initiative's 2026 annual report identifies open source as a strategic asset while calling out AI coding assistants as a new vector for uncontrolled dependency intake.
A late-May tally puts year-to-date tech layoffs at 142,000 across 212+ companies, with the $700B AI infrastructure build cited explicitly as the destination for payroll savings.
Wix said it will lay off around 1,000 people, near a fifth of its workforce, blaming a strong shekel and an AI-driven rethink of how it builds software.
April 2026 saw 271,483 new tech job postings — the strongest year-over-year gain of 2026 and a three-year peak — signaling that the tech hiring market has moved from recovery into sustained expansion.
Despite trimming 800 roles from its agile squad organization, Fidelity Investments is targeting 3,300 new hires this year — roughly half in technology and product — plus 2,000 early-career positions, making it one of the larger financial-services hiring programs announced so far in 2026.
AWS CEO Matt Garman announced a plan to bring on 11,000 developers this year, framing the hires as necessary for AI-driven cloud infrastructure while defending concurrent AI-led workforce reductions elsewhere.
AI coding tools are displacing work previously assigned to junior engineers, raising serious concerns about the long-term health of the developer talent pipeline.
Cloud migration, cybersecurity, and mid-market IT leadership are emerging as the primary landing zones for tech professionals displaced by 2026's wave of layoffs.
Figma Make shipped on May 28 as a distinct AI agent that reads prompts, edits your canvas, and writes the corresponding code changes against your local codebase via MCP.
Figma's new embedded agent generates and remixes designs, handles repetitive tasks, and respects your existing design system — rolling out gradually in beta with no credit cost during the preview.
Figma's May 2026 release formalizes its MCP Server at mcp.figma.com/mcp, shipping four agent skills, three design-to-code workflows, and a live variable engine that syncs Figma values to code tokens in real time.
Google announced the HTML-in-Canvas API at I/O 2026, enabling developers to render HTML content inside canvas elements for immersive 3D experiences that remain fully accessible and indexable.
Chrome 148 ships two web-platform improvements: container queries that match by name without requiring container-type, and lazy loading support via loading="lazy" on video and audio elements.
Svelte 5.55.0 now exports TweenOptions, SpringOptions, EasingFunction, and related types directly from the svelte/motion module, making them available for typed consumer code.