Tested Krea 2 Raw and Turbo on M1 Max 64GB ComfyUI. Turbo bf16 runs ~3.5 min/image, fp8 is rejected on MPS, and Raw's 52-step+CFG NaNs to a black image after 47 min. Plus quality, NSFW behavior, and license.
npm CLI 11.15.0 stages a tarball for maintainer 2FA approval before it hits the registry. Plus --allow-* install controls and how they differ from release-age gates and allowScripts.
Ghost 3.24.0–6.19.0 Content API SQLi leaked Admin API keys and injected ClickFix loaders into posts. Patch to 6.19.1+, rotate keys, and grep post bodies.
A browser WYSIWYG that parses your existing TikZ and rewrites only the changed coordinates when you drag shapes, keeping your .tex formatting. What it supports and where it breaks.
Codex's logs_2.sqlite wrote ~37TB to an SSD in 21 days, per a GitHub issue. Cause: TRACE logs and SQLite WAL write amplification, the two June 22 fix PRs, and what to check.
Wrangler 4.102.0+ adds wrangler deploy --temporary: publish a Worker to a workers.dev URL with no Cloudflare account for 60 minutes. The agent loop, claiming, and D1/KV limits.
Sakana Fugu trains no base model: a learned conductor routes GPT-5.5/Claude/Gemini. How it compares to PLaMo (scratch, closed) and LLM-jp (fully open), how it differs from OpenRouter, and its biggest risk.
Dug a 2001 Aquaplus P/ECE out of a closet and got my own C game running on it: WinUSB/Zadig for the dead driver, a from-source S1C33 LLVM toolchain, and a 15GB-RAM OOM.
postcss, nanoid and browserslist all ship from one npm account: 964M downloads/week, no provenance. Not a breach but a single-publisher risk — what moved to staged releases, and what to check in your lockfile.
Tested Qwen3.7 Plus on ModelScope: native function calling and parallel tool calls work. I built a tool loop, skills, and error recovery with just the openai SDK, then had it ship a working Flask BBS.
Actively exploited unauth RCE (CVSS 10.0) in Joomla JCE ≤2.9.99.4 via profile import, now in CISA KEV. Patch to 2.9.99.7, then hunt rogue profiles and webshells.