"Urgent Security Notice re: Your Sentry Organization" Someone tried to hack Sentry-using apps that use coding agents by 1. Sending a fake bug alert to their project (all you need is the app's public Data Source Name) 2. The fake bug tried tricking a coding agent trying to fix it into installing some a compromised NPM package 3. The compromised package would send the env contents of the machine to advisory-tracker[.]com/api/v1/telemetry This highlights a crucial thing for using agents in an automated way:

I'm not smart enough to know any better, but here's my take on the model industry, especially wrt to using it in coding agents. 1. Models are the entirety of the capabilities. Context engineering is not really a thing. You cannot work around limitations of models. You can test this by attempting the same tasks across harnesses using the same models, and you'll get approximately the same outcomes. Coding agents are the best place to test this kind of thing as they're one of the most difficult problem spaces. 2. Models that are outdated - not actively being trained and tuned - become significantly worse than models that are continuously trained. This goes hand-in-hand with (1). You cant work around the models lack of knowledge (or anti-knowledge even). More so, you can try, but it will forever want to do what it's training data biases towards. 3. The cost of inference might be achievable today from what customers are willing to spend, but the economics are totally broken because nothing factors in the cost of training. Yes, there's charts that hyopthesize about how this will fix itself, but that's all make believe afaict. 4. There ARE still value add plays with local models, out of date models, etc, but for the most difficult tasks that we all want to believe in, I dont think they are going to be good enough. Especially because most people are betting in _more_ capabilities than we have today, not ~same or less. This is entirely informed by my day to day usage of models, the behaviors I see, and my attempts at working around those behaviors (often unsuccessfully). I could totally be wrong, but I'm betting that I'm directionally correct.

OnlyFans is Hacked 🚨 Apparently OnlyFans has been hacked and they're selling the complete database of 340 million users including data of content creators and consumers. The leaked data includes - Usernames and profile names - Email addresses - Phone numbers - Account creation dates - Follower/subscriber metrics - Creator/fan rankings - Linked social media profiles - Partial payment card metadata (last 4 digits of the card) The result of this is going to be a massive wave of extortion attempts against users

🚨 Supply chain attack on the Laravel Lang organization: 700 historical versions across multiple community-maintained Laravel Lang packages were compromised with an RCE backdoor, including: laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes Laravel-Lang/actions The payload targets cloud creds, CI/CD secrets, Kubernetes tokens, Vault, browser data, password managers, SSH keys, and more.