Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/verce…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

Ollama now has Anthropic API compatibility. 🦙 This enables tools like Claude Code to be used with open-source models. 😍 Get started and learn more 👇👇👇

We’re seeing up to 14.5 million attempts per hour to exploit the #React2Shell vulnerability across @Cloudflare’s network. This is a very bad exploit. While our WAF is helping protect customers, it’s critical to update your React and Next.js instances as soon as possible.

Complex systems make more sense when you treat them as graphs. The next article in our core algorithmic series breaks down how BFS, toposort, Dijkstra, and Bellman–Ford answer reachability, ordering, and cost. Read more: bliztek.com/blog/post/practi…

Anthropic is acquiring @bunjavascript to further accelerate Claude Code’s growth. We're delighted that Bun—which has dramatically improved the JavaScript and TypeScript developer experience—is joining us to make Claude Code even better. Read more: anthropic.com/news/anthropic…

We have updated this list to include more than 500 packages and 700 affected versions, as well as a technical analysis of the attack. socket.dev/blog/shai-hulud-s… cc: @Cooperpress @TheHackersNews @BleepinComputer @TheRegister @SecurityWeek

Greedy algorithms are how schedulers, top k analytics, and routing code decide “what’s next” under load. This week: how to pair greedy strategies with heap backed priority queues in JavaScript, with concrete TypeScript examples. bliztek.com/blog/post/greedy…

Big news! cfl.re/3XyaauR

AI adoption is dependent on building trust and understanding of what’s going on under the hood.

Our series on core coding patterns continues with a look at heaps in event-driven systems. They keep “next due task” constant-time, even when work arrives out of order. The piece covers drift, cancellation, and how real schedulers behave under load. bliztek.com/blog/post/heaps-…

Continuing our series on core algorithmic patterns with stacks — the structure behind function calls, recursion, and undo systems. A look at how this simple idea still defines control flow and state in modern software. Read more: bliztek.com/blog/post/stacks…

You can select multiple areas on your map in seconds with the lasso tool. This feature is available for Spatial data in all DBeaver editions, including Community. You can use it with PostgreSQL, MySQL, and many other databases: dbeaver.com/docs/dbeaver/Wor…

We’re continuing our series on algorithmic patterns with the fast/slow pointer technique — a simple way to detect cycles and reason about relative motion in systems. Interested? Read more: bliztek.com/blog/post/fast-a…

The security vulnerability we found in Perplexity’s Comet browser this summer is not an isolated issue. Indirect prompt injections are a systemic problem facing Comet and other AI-powered browsers. Today we’re publishing details on more security vulnerabilities we uncovered.

Continuing our series on core algorithmic patterns. This week we focus on HashMaps — how constant-time lookups work in practice and why memory layout matters as much as complexity. Read more: bliztek.com/blog/post/unders…

ElevenLabs released a bunch of UI components for working with audio. I modified the waveform visualizer to display the speakers in different colours based on transcript data Beauty of shadcn type installs, just jump in a modify the code directly

We’re kicking off a new series on core algorithmic patterns every software engineer should know. Part 1: The Two-Pointer Technique — a simple idea that reduces redundant work and boosts performance. Read more: bliztek.com/blog/post/two-po… #Algorithms #SoftwareEngineering

Excited to have our official Brave Search MCP Server made available on @SmitheryDotAI. Huge thanks to @arjunkmrm and team for their assistance, and for building such an impressive platform and service. Head over to smithery.ai/server/@brave/mc… and check out the hosted MCP server. You'll need a Brave Search API key, which you can get for free (2K queries per month) at brave.com/search/api/.