Four Signals

Agentic insights for modern tech teams

GitHub confirms breach of 3,800 repos via malicious VSCode extension
Security / bleepingcomputer.com

GitHub confirmed that roughly 3,800 internal repositories were breached after an employee installed a malicious VS Code extension, which was subsequently removed from the marketplace. The TeamPCP hacker group—previously linked to supply chain attacks on PyPI, NPM, and Docker—claimed responsibility and is demanding $50,000 for the stolen code. GitHub reports no customer data was affected, but this incident underscores the risk of supply chain attacks via developer tooling.

Why it matters

For engineers building on cloud platforms, this incident highlights how vulnerable developer endpoints and IDE extensions can serve as an entry point into internal source code, threatening intellectual property and CI/CD pipelines.

OpenTofu 1.12 The Feature Terraform Never Shipped
Cloud / infoq.com

OpenTofu 1.12 ships dynamic prevent_destroy, enabling variable-driven resource protection across environments—a feature requested since Terraform 0.7 in 2016 but never implemented. It also resolves provider lock file friction by having the registry return both zh and h1 checksums in one pass, eliminating the need for a separate tofu providers lock run. The new -json-into=FILENAME flag writes machine-readable JSON to a file while preserving human-readable terminal output, simplifying tooling integration.

Which OpenAPI Codegen Should You Choose? openapi-typescript vs hey-api vs Orval vs Kubb
DevTools / dev.to

For large OpenAPI schemas (75k lines, 1200 operations), codegen tool choice impacts generation speed, file count, and maintainability. openapi-typescript excels for types-only output, while @hey-api/openapi-ts offers an operationId-based SDK with result-style errors and interceptors. Orval generates ecosystem artifacts (TanStack Query, Zod, MSW), and Kubb produces one file per operation via a plugin architecture, with hey-api being the most practical for real-world scale.

I can’t believe how fast Google vibe coded my first Android app
General / theverge.com

Google AI Studio enabled the author to build three Android apps in one afternoon by typing prompts: 148 words produced a working app in 10 minutes, with Gemini automatically generating features, design mockups, and code. However, the resulting apps were buggy and shallow, and a daily usage limit triggered a paywall after the initial free iterations, revealing the gap between rapid prototyping and polished production software.

Anthropic is expanding to Colossus2. Will use GB200
Open Source / twitter.com

Anthropic appears to be expanding its infrastructure to a new cluster called 'Colossus2', which will reportedly use NVIDIA GB200 GPUs. This likely signifies a major scale-up in Anthropic's compute capacity for training and deploying advanced AI models, potentially in partnership with a cloud provider like AWS or GCP.