Composer and Packagist share a solid overview of the supply chain security work already in place, what is shipping now, and what is coming next. Worth reading if you maintain PHP packages or care about how the ecosystem is hardening against package compromise. Read more
Socket CEO Feross Aboukhadijeh joined John Coogan and Jordi Hays on TBPN to discuss Socket's $60 million Series C led by Thrive Capital, the company's 500%+ ARR growth over the past 12 months, and why software supply chain security has moved to the top of the priority list at nearly every company. The 10-minute conversation covers three forces converging right now: AI generating more third-party code than ever before, frontier models surfacing massive volumes of vulnerabilities across operating…
Last week, we had our first Infrastructure & Ops superstream of 2026, Platform Engineering in the Age of AI. Our speakers explored a range of topics focused on supporting new AI workloads, each with unique infrastructure needs, unpredictable costs, and novel security concerns. Google Cloud’s Abdel Sghiouar took the audience through what a good platform […]
Anthropic are strongly rumored to be about to have their first profitable quarter. Stories are circulating of companies surprised at how expensive their LLM bills are becoming from usage by their staff. I think this is because OpenAI and Anthropic have both found product-market fit. Enterprise customers are now paying API prices I think they've found product-market fit And they're ramping up The AI-failure stories around this are pretty thin We also know the labs are spending a lot API revenue…
SymfonyOnline June 2026 is officially scheduled for June 11 and 12, 2026! Join us online for two tracks of cutting-edge tech talks: one full day dedicated to AI and another full day focus on Symfony Deep Dive. 🎤 Speaker announcement! We are excited…
Symfony includes two components dedicated to working with JSON: JsonStreamer encodes PHP data into JSON and decodes JSON back into PHP objects by streaming the contents, which provides high performance and low memory usage even for large payloads; JsonPath…
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded __toString()…
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description The per-template filter, tag and function allow-list check is compiled into the checkSecurity() method of each Template…
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded __toString()…
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description The 3.26.0 source-policy hardening changed the signature of CoreExtension::checkArrow() to take a boolean $isSandboxed…
Affected versions Twig versions <=3.26.0 are affected by this security issue. The issue has been fixed in Twig 3.27.0. Description This is a residual bypass of CVE-2026-46635 / GHSA-vcc8-phrv-43wj that only affects sandboxing enabled through SourcePolicyInterface…
A thoughtful review of AI-generated frontend code in a real product: strong in isolated spots, but increasingly inconsistent at the system level. It also makes the case for using AI as a candidate generator and validator, not as the reviewer with the final opinion. Read more
The following article originally appeared on Addy Osmani’s blog and is being reposted here with the author’s permission. The default behavior of any AI coding agent is to take the shortest path to “done.” Ask for a feature and it writes the feature. It doesn’t ask whether you have a spec, write a test before […]
PICARD: Data, shields up DATA: Brilliant! Shields can reduce damage we sustain. Not immunity. Not hubris. Just prudence. It's not precaution—it's strategy. [camera shakes] WORF: HULL BREACHES ON NINE DECKS DATA: Here's what happened: you told me to raise shields, and I didn't — Kyle Ferrana, @KyleTrainEmoji Tags: ai-misuse, coding-agents, ai, llms
OSV, the OpenSSF-backed vulnerability database, withdrew 157 malicious-package reports on May 26 after automated detections incorrectly flagged npm and PyPI packages as malware, pushing bad records for trusted projects into OSV-consuming security tools and CI/CD systems. The rollback happened in OpenSSF’s malicious-packages repository, where OSV-format records for malicious packages are maintained. A PR titled “Withdraw FastAPI v0.136.3 and other FPs reports,” began with a false-positive…
Aucun résultat
Essayez avec d'autres termes de recherche.