Open source package with 1M monthly downloads stole user credentials
The 'element-data' npm package was silently stealing user credentials at massive scale. If it's in your stack, stop reading and go check right now.
11 articles
The US Supreme Court is deciding whether geofence warrants are constitutional. The ruling will set the rules for how law enforcement can use your smartphone's location data — forever.

The Shai-Hulud worm infected 172 npm and PyPI packages and doesn't leave when you uninstall them. Your dev environment may already be compromised.
Someone is finally documenting the full history of Visual Basic, and Chapter 1 is live. The Hacker News crowd has a lot of feelings about it.
Bun's experimental Rust rewrite just cleared 99.8% test compatibility on Linux x64 glibc. That's not a footnote — it's a signal that this runtime war is about to get a lot more interesting.
A developer built a fully functional web server in pure assembly language and posted it on Hacker News with refreshing honesty. No pitch, no startup — just raw code and an existential joke for a title.

Two Palo Alto CVEs scored as separate, manageable risks. Attackers chained them together and got root access across 13,000 exposed management interfaces. This is a triage problem, not a patching problem.
Hundreds of subdomains from top universities are serving porn and scam pages. No sophisticated hacking required — just institutional laziness.
Fitbit 4.68 is rolling out with sleep history editing, motivational Coach messages, and deeper personalization. Here's what actually changed and why it matters.
Between 2005 and 2019, the number of words we speak out loud dropped nearly 28%. And the pandemic almost certainly made it worse.
SusHi Tech Tokyo 2026 isn't another bloated tech conference. It's where the people actually building and funding the future show up with real demos and real money.