HELLO EVERYONE!!! It’s June 27th, 2025 and you are reading the 67th edition of Codeminer42’s weekly tech news report. Let’s check out what the tech world showed us this week!
Introducing On Rails: A New Podcast from the Rails Foundation – by Robby Russell
The latest episode of the On Rails podcast dives into key discussions around the upcoming Rails World 2025. Highlights include updates on conference sessions, community engagement, and sponsorship news. The hosts interview influential Rails contributors about trends in the ecosystem. They also reflect on recent Rails releases and best practices. Listen for tips and insights ahead of the September event.
New Crypto-Jacking Attacks Target DevOps and AI Infrastructure – by Matt Saunders
Emerging campaigns like JINX‑0132 are exploiting DevOps pipelines to deploy crypto‑mining malware on CI/CD systems. The article stresses the importance of disabling script checks in Consul and locking down Docker, Gitea, and other DevOps tools. Configuring APIs to be accessible only locally and enforcing proper authentication are key defenses. A Matrix Sec poster notes: “speed and flexibility… only when paired with strong security hygiene.”
Pyrefly and Ty: Rust‑Powered Python Type‑Checking Tools Compared – by Serdar Yegulalp
This piece introduces Pyrefly (Meta’s successor to Pyre, now in Rust) and Astral’s Ty, both blazingly fast type-checkers for Python. Benchmarks show speed improvements over Python-based tools, making type checking more developer-friendly. The article compares feature support, usability, and maturity. It concludes that both are strong but still evolving tools.
LinkedIn Announces Northguard and Xinfra: Scaling Beyond Kafka for Log Storage and Pub/Sub – by Eran Stiller
LinkedIn revealed Northguard, a new log storage system that replaces Kafka, offering sharded metadata, log striping, and strong consistency. Alongside it, Xinfra is introduced as a virtualized Pub/Sub layer atop Northguard. These systems aim to scale LinkedIn’s distributed infrastructure and streamline log processing. Engineers share technical insights into designs and trade-offs. Check it out!
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access – by Ravie Lakshmanan
Cisco patched two severe RCE vulnerabilities (CVE‑2025‑20281, CVE‑2025‑20282) in the Identity Services Engine and ISE Passive Identity Connector. Both allow unauthenticated attackers to execute commands as root; both scored 10.0/10.0 on CVSS. AWS, Azure, and OCI users are urged to apply updates immediately. These critical flaws pose serious risks to cloud-deployed Cisco ISE environments.
North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages – by Ravie Lakshmanan
North Korea‑Linked Supply‑Chain Attack Targets Developers (The Hacker News)
A new supply-chain campaign, dubbed “Contagious Interview,” pushed 35 malicious npm packages from 24 accounts linked to North Korea. These packages target JavaScript developers to inject malware into CI/CD workflows and developer machines. Researchers warn of the growing sophistication of DPRK operations in open-source malware delivery.
LLMs bring new nature of abstraction – by Martin Fowler
Martin Fowler explores how large language models (LLMs) alter traditional software abstraction. Rather than hiding complexity through interfaces, LLMs generate usable code and interfaces from natural language. This redefines the developer’s role, allowing higher-level thinking and faster prototyping. Fowler argues this shift demands new models of design and trust.
Expert Generalists – by Martin Fowler
In this article, Fowler champions the value of expert generalists: professionals with wide but deep knowledge across domains. He contrasts them with specialists, noting generalists often see broader patterns and drive innovation. The piece encourages cultivating cross-disciplinary experience in software teams. Generalists are key in uncertain or evolving environments. He advocates for supporting this profile in hiring and team dynamics.
Releases
Node v22.17.0 (LTS) Released – by Antoine du Hamel
This release brings long-term support (LTS) updates to Node.js 22.17.0, including performance improvements and dependency bumps. Key changes include updates to V8, support for newer JavaScript features, and improved module resolution. Security patches were also applied. Developers are encouraged to migrate to this LTS version for stability. The release maintains Node.js’s commitment to regular, reliable updates.
Spring for GraphQL 1.3.6 and 1.4.1 released – by Bryan Clozel
The Spring team released patch updates 1.3.6 and 1.4.1 for Spring for GraphQL, enhancing federation and client support. These builds include bug fixes, dependency updates, and improved Bootstrap tooling via start.spring.io. Users of Spring Boot are directed to adopt these versions for stability. The release reflects the ongoing modernization of GraphQL integration.
Firefox 140 Now Available for Download, Here’s What’s New – by Bobby Borisov
Mozilla released Firefox 140, which drops Pocket integration and introduces tab unloading to optimize memory usage. On Android, it adds biometric lock support for private tabs. The update further refines privacy and performance across platforms.
Omarchy is out – by David Heinemeier Hansson
DHH shares his setup for his new opinionated mix of Arch Linux and the Hyprland tiling window manager – Omarchy! This combination has been a favorite among many developers, check it out!
Introducing MSSQL MCP Server (Preview) – by Arun Vijayraghavan
Microsoft introduces MSSQL Managed Compute Plane (MCP) Server, enhancing Azure SQL’s AI-assisted development experience. MCP Server helps manage computing for intelligent code completions and secure, context-aware assistance. Built on the open-source MCP protocol, it integrates into Azure’s SQL offerings to streamline developer workflows.
—
And that’s all for this week! Wish you all a great weekend and happy coding!

