A fresh supply chain ambush—Scavenger—slipped into npm through the front door. Attackers phished maintainers of high-profile packages likeis,eslint-plugin-prettier, andsynckit, then dropped cross-platform JavaScript malware straight into the codebase. Real-time C2 channels included. They typosquatt.. read more  

AWS wants long-term IAM access keys gone. In their place:temporary creds via IAM roles,IAM Identity Center,CloudShell, andOIDC integrations. The push covers everything—CLI tools, local dev, compute, CI/CD, even old-school on-prem. The message is clear: rotate automatically, grant minimally, and sto.. read more  

Azure DevOps made it easier to link up with GitHub—no more re-installing the Azure Pipelines GitHub App to kick things off. Teams can spin up aGitHub App–based service connectiondirectly from a dummy pipeline setup. The service connection comes GitHub App–authenticated out of the gate. Super handy .. read more  

vClustercuts Kubernetes infra costs by running virtual clusters as pods inside a shared host. No more spinning up full control planes for every tenant. Itslean Syncerfilters API traffic to keep clusters from melting down.Shared controllersand a built-insleep modekeep idle workloads quiet—and cheap... read more  

Kubernetes 2.0 is kicking YAML to the curb.After years of living and breathing.yamlfiles, the project is eyeing a hard break. Maintainers haven’t said it outright, but the message is clear: YAML isn’t cutting it anymore. System shift:This could signal a real usability reboot—maybe even a less painf.. read more  

TheKubernetes Gateway APIhit v1.0 and is officially stable. It's a clean break from the old Ingress model, bringing modular, role-aware, multi-protocol control. Core players:Gateway,GatewayClass, andHTTPRoute. On the flip side,Kong Gatewayis losing ground. The newer kids—Envoy Gatewayandkgateway—ar.. read more  

Docker’s sunsettingDocker Content Trust (DCT)in 2025, starting withDocker Official Images. Not many used it, andNotary v1is toast. So they’re moving to modern signing tools likeSigstoreandNotation. Migration guides are on the way. What’s really happening:The container world’s ditching old trustboxe.. read more  

Kubernetes monitoring isn't just about scraping metrics anymore. It's grown up into full-stack observability—metrics, logs, traces, plus flashy toys like AI-powered anomaly detection, real-time dashboards, and distributed tracing that actually works. The big players—Prometheus,Grafana,Datadog,Dynat.. read more  

Depot just droppedNVMe-backed cache mounts—persistent, high-speed, and wired for true incremental Docker builds. Yes, even inephemeral CI. It hooks intonative BuildKit cache mounts, supporting bothsharedandexclusiveaccess. No more fragile registry caches. No more arcane CI cache duct tape... read more  

Talos Linux—an OS stripped down to the essentials and locked tighter than a production firewall—now boots cleanly as a VM onProxmox, playing nice with fullKVM/QEMUsupport. No shell, read-only filesystem, all wired forKubernetesviatalosctl. System shift:Devs are tossing old-school VM stacks for bare.. read more