NewApp Digest
search bot

development community

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know
Tech Optimizer
October 29, 2025

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac – here’s what we know

Security researchers from Socket have discovered ten malicious npm packages that infiltrated the Node Package Manager ecosystem, mimicking legitimate tools and downloaded nearly 10,000 times. These typosquatted packages contain malware that bypasses application-level security to target system keyrings, allowing the harvesting of decrypted credentials and access to critical resources like corporate emails and databases. Users who installed these packages are advised to treat their systems as compromised, disconnect from the internet, revoke exposed credentials, wipe and rebuild the infected system, change passwords, audit npm dependencies, review logs for suspicious activity, and enable multi-factor authentication.
RPG developer Owlcat launches free game dev learning resource: 'A rising tide truly lifts all ships'
AppWizard
October 15, 2025

RPG developer Owlcat launches free game dev learning resource: ‘A rising tide truly lifts all ships’

Cyprus-based Owlcat Games has launched the GameDev Learning Drop, a free directory of resources for game developers, in collaboration with several game studios and publishers, including Midwest Games, Fireshine Games, Gaijin Entertainment, and 11 Bit Studios. The initiative features over 350 curated learning resources covering topics like game design, programming, narrative design, and project management. The project originated from Owlcat's internal practice of sharing valuable resources among team members. The GameDev Learning Drop is intended to be a continuously updated resource, allowing other developers and publishers to contribute materials for review and inclusion.
Android app developers will soon need to verify identity to distribute apps outside Play Store
AppWizard
August 27, 2025

Android app developers will soon need to verify identity to distribute apps outside Play Store

Google will require app developers to undergo a verification process starting in September 2026 to distribute apps outside the Google Play Store. An early access program for developers will begin in October 2025, with a broader rollout planned for March 2026. Developers will use a new Android Developer Console to verify their identities, enabling Android devices to block apps from unverified developers.
Even more games are moving out of Silksong's way: 'I feel like a little krill trying not to get eaten by a blue whale'
AppWizard
August 23, 2025

Even more games are moving out of Silksong’s way: ‘I feel like a little krill trying not to get eaten by a blue whale’

In 2024, nearly 19,000 new games were launched on Steam, intensifying competition in the gaming industry. Team Cherry announced that Hollow Knight: Silksong will debut on September 4, prompting other developers to adjust their release schedules. CloverPit delayed its launch from September 3 to September 26 due to Silksong's release. Frogteam Games expressed challenges in gaining visibility in the crowded market, comparing their situation to "a little krill trying to not get eaten by a blue whale." Faeland postponed its full release from September 9 to an unspecified future date, and Aeterna Lucis shifted its release from September to 2026, citing Silksong as a factor. Demonschool plans to release on September 3 despite Silksong's presence. Some developers, like those behind Stomp and the Sword of Miracles, have seen increased interest after postponing their launches. Simon Carless suggested that developers may be overly cautious in adjusting timelines, as the impact on sales may not be as significant unless there is a substantial audience overlap with Silksong.
Critical PostgreSQL Vulnerabilities Allow Arbitrary Code Execution During Backup Restoration
Tech Optimizer
August 18, 2025

Critical PostgreSQL Vulnerabilities Allow Arbitrary Code Execution During Backup Restoration

The PostgreSQL Global Development Group has released security and maintenance updates for versions 17.6, 16.10, 15.14, 14.19, 13.22, and the third beta of PostgreSQL 18. The updates address three critical vulnerabilities: 1. CVE-2025-8714 (CVSS 8.8) - Allows code injection during dump restoration via pg_dump operations. 2. CVE-2025-8715 (CVSS 8.8) - Enables SQL injection through newline injection in object names during pg_dump. 3. CVE-2025-8713 (CVSS 3.1) - Exposes optimizer statistics data. The update also improves BRIN index performance, logical replication, and resolves WAL segment removal issues. PostgreSQL 13 will reach end-of-life on November 13, 2025. The third beta of PostgreSQL 18 is in development, with general availability expected in September-October 2025. Administrators should perform reindexing after the upgrade if using specific BRIN indexes.
"Serious" MySQL bug celebrates 20 years unfixed - another reason to switch to PostgreSQL?
Tech Optimizer
June 24, 2025

“Serious” MySQL bug celebrates 20 years unfixed – another reason to switch to PostgreSQL?

A bug in MySQL, reported in June 2005, remains unfixed after 20 years and is classified as “S2 (Serious).” This ongoing issue has led some developers to consider switching to PostgreSQL, which is known for its advanced features and active development. The persistence of this bug raises concerns about the long-term viability of MySQL for mission-critical applications and may affect user confidence in the platform's stability and security.
Microsoft to add Anthropic's AI coding agent to its GitHub service
Winsage
May 20, 2025

Microsoft to add Anthropic’s AI coding agent to its GitHub service

Microsoft is integrating an artificial intelligence coding agent from Anthropic into its GitHub platform, alongside its own coding agent. This was announced by Executive Vice President Jay Parikh during Microsoft's annual software developer conference. The AI tool aims to assist developers by automating tasks such as bug identification and resolution. Additionally, Microsoft is collaborating with OpenAI to provide another coding agent, reflecting its commitment to offering diverse AI solutions for developers and organizations.
Microsoft open sources Windows Subsystem for Linux
Winsage
May 20, 2025

Microsoft open sources Windows Subsystem for Linux

Microsoft has announced the open-sourcing of the Windows Subsystem for Linux (WSL), which has evolved since its introduction in 2016. WSL was initially designed to enable Windows to run ELF executables natively through a compatibility layer. Compatibility challenges led to the development of WSL2, introduced to testers in 2019. By 2021, Microsoft decided to remove WSL code from the Windows ecosystem to align with the rapid updates of the Linux community. As of 2024, Microsoft has transitioned to a new WSL package, moving away from the original WSL component bundled with Windows. Nearly all previously closed code for WSL is now available on GitHub at Microsoft/WSL, allowing developers to contribute to its evolution. However, the kernel-side driver lxcore.sys and other related components remain part of Windows and are not open-sourced. Microsoft has acknowledged the community's role in shaping WSL but has not clarified the project's future management or the establishment of a steering committee.
Search