OpenAI spills technical details about how its AI coding agent works

On Friday, OpenAI engineer Michael Bolin published a detailed technical breakdown of how the company’s Codex CLI coding agent ...

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Moonshot's new Kimi K2.5 model can build websites from visual inputs - here's how it works

While it's not yet clear how practically useful the capability will be for individuals and businesses, the model's "coding with vision" capability makes vibe coding even vibier.
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

New ClickFix attacks abuse Windows App-V scripts to push malware

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V ...
The Official Microsoft Blog

Maia 200: The AI accelerator built for inference

Today, we’re proud to introduce Maia 200, a breakthrough inference accelerator engineered to dramatically improve the ...

Malicious Microsoft AI extensions might have hit over 1.5 million users

Two VSCode extensions are harvesting sensitive data and sending it to China.
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

Microsoft Launches winapp to Simplify Windows App Development

Microsoft’s new winapp CLI simplifies Windows app development with one-command setup, faster testing, and easier packaging.
GitHub

Language Server for Kotlin

The project is in an experimental, pre-alpha, exploratory phase with the intention to be productionized. We move fast, break things, and explore various aspects of the seamless developer experience ...
Visual Studio Magazine

Hands On: Testing Cursor, Windsurf and VS Code on Text-to-Website Generation

A hands-on comparison shows how Cursor, Windsurf, and Visual Studio Code approach text-to-website generation differently once ...
FinanceFeeds

North Korean Hackers Use Fake Job Interviews to Hits 3,100 IP Addresses Linked to Crypto and AI

North Korean hackers hit 3,136 IPs using fake job interviews to deploy malware via coding tests on LinkedIn, targeting crypto and AI firms.