software development
CVE Lite CLI: Open-source dependency vulnerability scanner
Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration …
Microsoft’s WinUI agent plugin trims token use by over 70% during development
Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX …
OpenAI’s Daybreak uses Codex Security to identify risky attack paths
OpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI …
HEIDI: Free IDE security plugin for open-source vulnerability checks
Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems …
Google is turning Android Studio into a policy watchdog
Google has expanded Play Policy Insights in Android Studio to help developers catch policy issues while coding, including warnings for common problems such as missing login …
Node.js 26 ships with Temporal API enabled by default
Developers managing JavaScript runtimes have a new major version to evaluate. Node.js 26.0.0 brings the long-awaited Temporal API to the platform alongside an updated V8 …
Can your coding style predict whether your code is vulnerable?
Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all …
Visual Studio Code 1.118 adds auto model selection to Copilot CLI
Microsoft’s editor releases continue on a monthly cadence, with the Insiders build of Visual Studio Code 1.118. The update concentrates on the Copilot CLI integration, …
Visual Studio cloud agents now run inside GitHub Copilot
Microsoft’s April update to Visual Studio introduces cloud agent integration in GitHub Copilot, enabling developers to offload tasks to remote infrastructure for scalable, …
Where AI in CI/CD is working for engineering teams
Developers have folded AI into daily coding work. Still, the same tools remain largely absent from the systems that validate and ship software. New research from JetBrains …
Social engineering attacks on open source developers are escalating
North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that …
Android developers just got a new verification layer
To help prevent malicious actors from spreading harmful apps while hiding behind anonymity, Google is rolling out developer verification to all Android developers. The company …
Featured news
Resources
Don't miss
- Lessons for organizations from the Verizon 2026 Data Breach Investigations Report
- OpenHack: Open-source AI-powered vulnerability research
- Boards want cyber risk in dollars, not CVE counts
- $20 per zero-day is already the WordPress plugin reality
- Deleted Google API keys keep working for up to 23 minutes, researchers warn