HELLO EVERYONE!!! It’s November 28th, 2025, and you are reading the 89th edition of Codeminer42’s tech news report. Let’s check out what the tech world showed us this week!
The Shai-Hulud 2.0 npm worm: analysis, and what you need to know – by Christophe Tafani-Dereeper & Sebastian Obregoso
This article explores the rise of Shai-Hulud 2.0, a powerful npm worm that backdoored nearly 800 packages with over 20 million weekly downloads. It details how the malware steals credentials from local files and cloud services, exfiltrates them to GitHub repositories labeled “Sha1-Hulud: The Second Coming”, and even installs self-hosted runners for remote code execution. Datadog and other vendors provide indicators of compromise and defense strategies to help organizations stay protected. Click through to uncover the full analysis and learn how to safeguard your systems.
MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants – by The Hacker News
A vulnerability in Microsoft Teams guest access means that users who join external tenants lose their home organization’s Microsoft Defender for Office 365 protections, as security is dictated by the host tenant. Attackers can exploit this by creating malicious tenants with minimal licenses, sending automated invites to enable phishing and malware distribution without scans. Check it out and be safe.
Testing in the Age of AI Agents – by Szymon Dzumak
AI agents lower change costs, turning tightly coupled tests into breakage-prone friction during refactors. Solution: Shift to contract testing—focus on module behavior (inputs/outputs) over implementation for resilient tests. Approaches: Black-box verification, property-based invariants, and integration tests for outcomes. Avoid testing internals or chasing coverage; prioritize bug detection.
What to know about a recent Mixpanel security incident – by OpenAI
On November 9, 2025, attackers accessed Mixpanel systems, exporting limited customer data including OpenAI API users’ names, emails, locations, OS/browser info, and IDs—no chats, API data, passwords, or payments compromised. OpenAI’s systems unaffected; response includes halting Mixpanel use, dataset reviews, user notifications, vendor security audits, and misuse monitoring.
Building AI Agents for DevOps: From CI/CD Automation to Autonomous Deployments – by Muhammad Raza
Build AI agents for DevOps to supercharge CI/CD. Example: a Pipeline Health Monitor that uses LLMs (GPT-4/Claude via LangChain/LangGraph) to probe GitHub Actions failures by analyzing logs, commits, and issues. Check it out to learn how to improve your CI/CD process.
Completing, Integrating, and Publishing Our Game with DragonRuby – by Julian Rubisch
Finalizing a Flappy Bird clone in DragonRuby: Implement scenes, collision detection, moving obstacles, scoring on passes. Add audio (looping engine, jump/score/crash effects) and HTTP high-score syncing for top 3 display. Check out Part I here.
Building Self-Hosting Rails Applications: Design Decisions & Why – by Simon Chiu
Self-host Broadcast as Docker images for Ruby consistency and easy docker compose up setup. Ditch Redis with PostgreSQL-only Rails (SolidQueue/Cable/Cache); use file triggers for UI-host ops (upgrades/backups) via cron. Mount dirs for metrics; Thruster for zero-config SSL/HTTP/2 to ease DevOps.
GitHub Copilot CLI: Boost Developer Productivity in the Terminal – by Lucas Pains
Copilot CLI amps terminal productivity with AI for CLI tasks, CI/CD, jobs: Slash commands, inline prompts, context-aware (files/folders), custom agents, MCP for services, task delegation.
MCP with Quarkus LangChain4j – by Piotr Minkowski
Integrate Quarkus + LangChain4j for MCP: Servers expose tools/prompts via SSE, H2/Panache ORM for data. Clients use @McpToolBox for OpenAI integration, dynamic retrieval. Benefits: Standardized AI tools, modular LLMs; setup with ports/URLs/creds, test via Dev UI/REST.
Why Starting Simple is Your Secret Weapon in the AI-Assisted Development Era – by Atilla Bilgic
The article emphasizes that junior developers should adopt a “just enough scaffolding” approach when using AI tools, starting with minimal structures instead of full services to avoid technical debt and over-complexity. Practical steps include prompting for simple services, documenting conventions, and incrementally adding features. Ultimately, success in the AI era depends not on generating more code but on deeply understanding the code you create.
Languages, Tools & Framework releases
Introducing Claude Opus 4.5
This article introduces Claude Opus 4.5, Anthropic’s newest AI model designed to excel at coding, agents, and complex computer tasks. It delivers state-of-the-art performance in software engineering, long-horizon reasoning, and autonomous workflows, while using fewer tokens for greater efficiency. Click on the article to discover how Opus 4.5 is reshaping the future of AI-powered work.
This Development-cycle in Cargo: 1.92
Cargo 1.92 adds a build perf guide (deps/linker tips), advances Cargo script stabilization (frontmatter, build-dir, arg[0] paths). Refines public deps; reorganizes build-dir by units for fewer collisions/caching wins; compatibility-focused efficiency boosts.
Node.js v20.19.6 (LTS)
This article announces the release of Node.js v20.19.6 (LTS), codenamed Iron, highlighting key updates and fixes. It includes important changes such as updated root certificates, deprecation of HTTP/2 priority signaling, and improvements to build processes across platforms. Click on the article to explore the full list of enhancements and download options.
RubyGems 4.0.0.beta2 Released – by Hiroshi SHIBATA
RubyGems 4.0.0.beta2: Deprecates Gem::Version string compares (undeprecates ); installs Bundler 4.0.0.beta2 default.
Bundler: --lockfile support, Gemfile lockfiles, parallel git, legacy Windows platforms.
Fixes: BUNDLE_VERSION respect, pre-delete file checks.
—
And that’s all for this week! Wish you all a great weekend and happy coding!

