InfoWorld

Security researchers have uncovered a malicious npm package that poses as a legitimate WhatsApp Web API library while quietly stealing messages, credentials, and contact data from developer environments. The package, identified as “lotusbail,” operates as a trojanized wrapper around a genuine WhatsApp client library and had accumulated more than 50k downloads by the time it was flagged by Koi Sec…

If you were around for the first big wave of cloud adoption, you’ll remember how quickly the term cloud was pasted on everything. Anything with an IP address and a data center suddenly became a cloud. Vendors rebranded hosted services, managed infrastructure, and even traditional outsourcing as cloud computing. Many enterprises convinced themselves they had modernized simply because the language …

As engineers and managers, we all have been interrupted by those unplanned, time-sensitive requests (or tasks) that arrive outside normal planning cadences. An “urgent” Slack, a last-minute requirement or an exec ask is enough to nuke your standard agile rituals. Apart from randomizing your sprint, it causes thrash for existing projects and leads to developer burnout. This is even more critical n…

Microsoft is providing early access to C++ code editing tools for GitHub Copilot via the Visual Studio 2026 Insiders channel. These C++ tools allow GitHub Copilot to go beyond file searches and unlock greater context-aware refactoring that enables changes across multiple files and sections, according to Microsoft. Public availability was announced December 16 , with the blog also offering instruc…

Anysphere, the developer of AI coding assistant Cursor, is adding some code review and debugging skills to its portfolio with the acquisition of Graphite, TechCrunch reported Friday . The output of AI coding tools often requires extensive debugging, something the company sought to address with new code review capabilities in Cursor 2.0 . Through the acquisition, Anysphere will be able to add new …

The computer revolution has always been driven by the new and the next. The hype-mongers have trained us to assume that the latest iteration of ideas will be the next great leap forward. Some, though, are quietly stepping off the hype train. Whereas the steady stream of new programming languages once attracted all the attention, lately it’s more common to find older languages like Ada and C recla…

The most significant advances in artificial intelligence next year won’t come from building larger models but from making AI systems smarter, more collaborative, and more reliable. Breakthroughs in agent interoperability, self-verification, and memory will transform AI from isolated tools into integrated systems that can handle complex, multi-step workflows. Meanwhile, open-source foundation mode…

If you want to know what is actually happening in generative AI —not what vendors pretend in their press releases, but what developers are actually building—Datasette founder Simon Willison gets you pretty close to ground truth. As Willison has been cataloguing for years on his blog , we keep making the same key mistake building with AI as we did in the web 2.0 era: We treat data and instructions…

A software update knocked out Snowflake’s cloud data platform in 10 of its 23 global regions for 13 hours on December 16, leaving customers unable to execute queries or ingest data. Customers saw “SQL execution internal error” messages when trying to query their data warehouses, according to Snowflake’s incident report . The outage also disrupted Snowpipe and Snowpipe Streaming file ingestion, an…

What is cloud native? Cloud native defined The term “cloud-native computing” encompasses the modern approach to building and running software applications that exploit the flexibility, scalability, and resilience of cloud computing. The phrase is a catch-all that encompasses not just the specific architecture choices and environments used to build applications for the public cloud, but also the s…

From autonomous agents to vibe coding, 2025 was the year generative AI stopped being theoretical and started doing real work—with a little fun along the way. Our readers gravitated toward features and tutorials that explored how to move AI into production software and reshape developer workflows , and to columnists who forced uncomfortable (and sometimes amusing) questions about the role of human…

A few months ago, I worked with a global manufacturer that considered itself conservative on AI. They focused on stabilizing their ERP migration to the cloud, modernizing a few key customer-facing apps, and tightening security. The CIO’s position on generative AI was clear: “We’ll get there, but not this year. We’re not ready.” On paper, they were officially “not doing AI.” In reality, they were …

AI code generation appears to have a few kinks to work out before it can fully dominate software development, according to a new report by CodeRabbit . When compared to human-generated code, AI code created 1.7 times more problems discovered in pull-request analysis, according to the report. AI coding assistants have become a standard part of the software development workflow, but developers have…

Attackers have upped the ante in their exploits of a recently-disclosed maximum severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Financially-motivated attackers have found a way to use the flaw, dubbed React2Shell ( CVE-2025-55182 ), to execute arbitrary code on vulnerable servers through a single malicious HTTP request. This allows them to quickly and eas…

Touted as an extremely fast Python type checker and language server, ty has moved to beta. Developers can install ty with uv tool install ty@latest , or via a Visual Studio Code extension . A stable release is eyed for 2026, according to ty steward Astral. Written in Rust , ty is positioned as an alternative to tools such as Mypy, Pyright, and Pylance . In a December 16 blog post , Astral founder…