Osmond Van Hemert

A critical RCE vulnerability in Spring Framework has the internet in panic mode, but the actual risk profile is more nuanced than the Log4Shell comparisons suggest.

The Lapsus$ hacking group has breached both Okta and Microsoft, exposing critical weaknesses in identity provider security and third-party access management.

A popular npm package was deliberately sabotaged by its own maintainer, raising urgent questions about supply chain trust in open source.

The Rust for Linux project continues gaining momentum with updated patch series and growing support from kernel maintainers. Memory safety in the kernel is getting real.

TypeScript 4.6 brings improved control flow analysis, better type narrowing for destructured discriminated unions, and performance improvements that matter for large codebases.

As conflict erupts in Ukraine, destructive wiper malware targeting critical infrastructure signals a new chapter in state-sponsored cyber operations.

The Linux Foundation’s new Alpha-Omega Project, backed by Google and Microsoft, aims to systematically improve the security of critical open source software.

NVIDIA’s $40 billion bid for ARM has officially fallen apart under regulatory pressure, and the implications for the semiconductor landscape are enormous.

DeepMind’s AlphaCode system achieves competitive-level performance in programming contests, raising questions about what AI can and can’t do in software engineering.

Terraform 1.1 brings refactoring support and moved/imported blocks, signaling that Infrastructure as Code tooling is growing up.

The Faster CPython project, backed by Microsoft and led by Guido van Rossum, is shipping real performance gains in Python 3.11 alpha.

The White House convened tech leaders to address open source security after Log4Shell. Here’s what was discussed and what it means for developers.