All newsletters
2026-05-25
3 min read
AIAI ToolsAI Coding ToolsFrameworksLanguagesBrowserDevOpsSecurityOpen SourceDev Tools

Linux 7.1-rc5 Shipped with AI Fixes & Google Search Gets Agentic & Ghost CMS CVE-2026-26980 Exploited

Linux kernel embraces AI-generated code fixes, Google transforms search into an agentic AI system, and a critical Ghost CMS SQL injection vulnerability is being mass-exploited across 700+ domains.

AI & ML


  • Robin and Co-Scientist AI agents improve but show fundamental limits — New AI scientists designed for specialized tasks like drug repurposing reveal the boundary between language-based and data-driven reasoning. These systems work directly with scientific literature using natural language but struggle with precision where science demands specificity. Read more
  • XPENG releases VLA 2.0 for more human-like autonomous driving — New Turing AI chips deliver 3000 TOPS and "physical AI" processing that achieves 51% faster neural network speeds, 300% higher throughput, and human-adaptive behavior tuning for self-driving systems. Read more

AI Coding Tools


  • Linux 7.1-rc5 ships with heavy AI agent fixes, Linus unhappy with churnGitHub Copilot and Claude Code generated kernel patches across graphics drivers and security issues in the C code. Linus Torvalds complained the cycle is "pretty big" with ongoing "pointless make-believe work," signaling frustration with late-stage AI-driven contributions. Read more
  • Google Search unified into single AI-powered agent interfaceGemini 3.5 Flash now powers AI Mode globally, reached 1 billion monthly users. New "intelligent search box" lets users ask longer complex questions; interface adapts tone and results based on query type, moving away from the blue-link model. Read more
  • Pi demonstrates self-modifying AI coding agent — Minimalist agent can rewrite its own code. Verification tools like SonarQube critical for handling self-modifying outputs; practitioners should track adoption patterns in small product experiments. Read more
  • Google and Anthropic nerf AI models with compute limits and premium pricingGemini now forces users to buy AI credits for Flow and Antigravity; base-plan courtesy 1,000 credits removed. OpenAI testing A/B tests consolidating compute tiers, sparking user concern about ChatGPT Pro slowdowns. Read more

Frameworks & Libraries


  • Astro 1.0 Beta enables fine-grained partial hydration — Zero JavaScript shipped by default; components load individually with client:load and client:visible directives for custom per-component optimization. Astro's HTML-superset syntax requires no JSX or hooks. Read more
  • React Canaries now officially supported for frameworks — Frameworks can bundle pinned React Canary commits and ship features on their own release schedule. Breaking changes announced on React blog with codemods before stable releases, decoupling framework releases from React majors. Read more

Languages & Runtimes


  • KernelScript: new language for kernel customization and app optimizations — Domain-specific language for Linux kernel configuration and application-level tuning. Read more

Browser & Web Platform


  • Ghost CMS SQL injection (CVE-2026-26980) mass-exploited in ClickFix campaignGhost 3.24.0 through 6.19.1 vulnerable; critical injection allows unauthenticated attackers to steal admin API keys and inject malicious JavaScript. Over 700 domains hit including Harvard, Oxford, Auburn, DuckDuckGo. Fix released February 19 in v6.19.1 but many sites unpatched. Read more

DevOps & Cloud


  • DXC and ServiceNow launch Agentic Control Tower for enterprise AI governance — Framework for managing autonomous AI agents at scale with approval workflows, audit trails, and human oversight. Internally tested before client deployments. Read more
  • Dayforce delays Preceda payroll platform shutdown — Migration delays signal customer friction; Dayforce COO acknowledged valid concerns around support continuity and payroll system criticality. Read more

Security


  • Qualys discovers serious Linux privilege escalation bug from 2016 — Logic bug in kernel introduced November 2016, allows standard users to escalate to root. Present in every version since. Read more
  • Project Glasswing: Anthropic finds 10,000+ zero-days, exposes cybersecurity vulnerability — AI agents discovered vast numbers of unfixed security flaws, revealing classic cybersecurity firms struggle to keep pace with AI-scale vulnerability discovery. Read more

Open Source


  • easy-vibe: "vibe coding" beginner course launched on GitHub — Community-driven course teaching non-programmers to build apps through conversational AI prompting. Read more
  • Superset: orchestrates isolated Claude Code and other agents across git worktrees — Built-in terminal, review, and open-in-editor workflows for managing multiple AI coding agents. Read more
  • rtk-ai/rtk: CLI proxy cuts LLM token consumption by 60-90% — Single Rust binary, zero dependencies; optimizes common dev commands to reduce prompt verbosity. Read more

Enjoyed this issue?

Get this in your inbox

Join 1,000+ developers getting daily tech updates.

Subscribe free

More issues

Claude Code Wins AI Coding Wars & Google Overhauls Search & Gemini Deep Think Advances Science

2026-05-24

GitHub Leads AI Coding Agents & Python Agent Skills Expand & Ubiquiti Patches Max-Severity Flaws

2026-05-23

Gemini for Science & Chrome I/O 2026 Updates & C# Memory Safety & Aurora MySQL 8.4 GA

2026-05-22