10 interesting stories served every morning and every evening.

SWIPE LEFTPRESS RIGHT ARROW

1 1,866 shares, 64 trendiness

Introducing Claude Opus 4.7

Our latest model, Claude Opus 4.7, is now generally available. Opus 4.7 is a notable improvement on Opus 4.6 in advanced software engineering, with particular gains on the most difﬁcult tasks. Users report being able to hand off their hardest coding work—the kind that previously needed close supervision—to Opus 4.7 with conﬁdence. Opus 4.7 handles complex, long-running tasks with rigor and consistency, pays precise attention to instructions, and devises ways to verify its own outputs before reporting back.The model also has substantially better vision: it can see images in greater resolution. It’s more tasteful and creative when completing professional tasks, producing higher-quality interfaces, slides, and docs. And—although it is less broadly capable than our most powerful model, Claude Mythos Preview—it shows better results than Opus 4.6 across a range of benchmarks:Last week we announced Project Glasswing, highlighting the risks—and beneﬁts—of AI models for cybersecurity. We stated that we would keep Claude Mythos Preview’s release limited and test new cyber safeguards on less capable models ﬁrst. Opus 4.7 is the ﬁrst such model: its cyber capabilities are not as advanced as those of Mythos Preview (indeed, during its training we experimented with efforts to differentially reduce these capabilities). We are releasing Opus 4.7 with safeguards that automatically detect and block requests that indicate prohibited or high-risk cybersecurity uses. What we learn from the real-world deployment of these safeguards will help us work towards our eventual goal of a broad release of Mythos-class models.Security professionals who wish to use Opus 4.7 for legitimate cybersecurity purposes (such as vulnerability research, penetration testing, and red-teaming) are invited to join our new Cyber Veriﬁcation Program.Opus 4.7 is available today across all Claude products and our API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry. Pricing remains the same as Opus 4.6: $5 per million input tokens and $25 per million output tokens. Developers can use claude-opus-4-7 via the Claude API.Claude Opus 4.7 has garnered strong feedback from our early-access testers:In early testing, we’re seeing the potential for a significant leap for our developers with Claude Opus 4.7. It catches its own logical faults during the planning phase and accelerates execution, far beyond previous Claude models. As a ﬁnancial technology platform serving millions of consumers and businesses at significant scale, this combination of speed and precision could be game-changing: accelerating development velocity for faster delivery of the trusted ﬁnancial solutions our customers rely on every day.Anthropic has already set the standard for coding models, and Claude Opus 4.7 pushes that further in a meaningful way as the state-of-the-art model on the market. In our internal evals, it stands out not just for raw capability, but for how well it handles real-world async workﬂows—automations, CI/CD, and long-running tasks. It also thinks more deeply about problems and brings a more opinionated perspective, rather than simply agreeing with the user.Claude Opus 4.7 is the strongest model Hex has evaluated. It correctly reports when data is missing instead of providing plausible-but-incorrect fallbacks, and it resists dissonant-data traps that even Opus 4.6 falls for. It’s a more intelligent, more efﬁcient Opus 4.6: low-effort Opus 4.7 is roughly equivalent to medium-effort Opus 4.6.On our 93-task coding benchmark, Claude Opus 4.7 lifted resolution by 13% over Opus 4.6, including four tasks neither Opus 4.6 nor Sonnet 4.6 could solve. Combined with faster median latency and strict instruction following, it’s particularly meaningful for complex, long-running coding workﬂows. It cuts the friction from those multi-step tasks so developers can stay in the ﬂow and focus on building.Based on our internal research-agent benchmark, Claude Opus 4.7 has the strongest efﬁciency baseline we’ve seen for multi-step work. It tied for the top overall score across our six modules at 0.715 and delivered the most consistent long-context performance of any model we tested. On General Finance—our largest module—it improved meaningfully on Opus 4.6, scoring 0.813 versus 0.767, while also showing the best disclosure and data discipline in the group. And on deductive logic, an area where Opus 4.6 struggled, Opus 4.7 is solid.Claude Opus 4.7 extends the limit of what models can do to investigate and get tasks done. Anthropic has clearly optimized for sustained reasoning over long runs, and it shows with market-leading performance. As engineers shift from working 1:1 with agents to managing them in parallel, this is exactly the kind of frontier capability that unlocks new workﬂows.We’re seeing major improvements in Claude Opus 4.7’s multimodal understanding, from reading chemical structures to interpreting complex technical diagrams. The higher resolution support is helping Solve Intelligence build best-in-class tools for life sciences patent workﬂows, from drafting and prosecution to infringement detection and invalidity charting.Claude Opus 4.7 takes long-horizon autonomy to a new level in Devin. It works coherently for hours, pushes through hard problems rather than giving up, and unlocks a class of deep investigation work we couldn’t reliably run before.For Replit, Claude Opus 4.7 was an easy upgrade decision. For the work our users do every day, we observed it achieving the same quality at lower cost—more efﬁcient and precise at tasks like analyzing logs and traces, ﬁnding bugs, and proposing ﬁxes. Personally, I love how it pushes back during technical discussions to help me make better decisions. It really feels like a better coworker.Claude Opus 4.7 demonstrates strong substantive accuracy on BigLaw Bench for Harvey, scoring 90.9% at high effort with better reasoning calibration on review tables and noticeably smarter handling of ambiguous document editing tasks. It correctly distinguishes assignment provisions from change-of-control provisions, a task that has historically challenged frontier models. Substance was consistently rated as a strength across our evaluations: correct, thorough, and well-cited.Claude Opus 4.7 is a very impressive coding model, particularly for its autonomy and more creative reasoning. On CursorBench, Opus 4.7 is a meaningful jump in capabilities, clearing 70% versus Opus 4.6 at 58%.For complex multi-step workﬂows, Claude Opus 4.7 is a clear step up: plus 14% over Opus 4.6 at fewer tokens and a third of the tool errors. It’s the ﬁrst model to pass our implicit-need tests, and it keeps executing through tool failures that used to stop Opus cold. This is the reliability jump that makes Notion Agent feel like a true teammate.In our evals, we saw a double-digit jump in accuracy of tool calls and planning in our core orchestrator agents. As users leverage Hebbia to plan and execute on use cases like retrieval, slide creation, or document generation, Claude Opus 4.7 shows the potential to improve agent decision-making in these workﬂows.On Rakuten-SWE-Bench, Claude Opus 4.7 resolves 3x more production tasks than Opus 4.6, with double-digit gains in Code Quality and Test Quality. This is a meaningful lift and a clear upgrade for the engineering work our teams are shipping every day.For CodeRabbit’s code review workloads, Claude Opus 4.7 is the sharpest model we’ve tested. Recall improved by over 10%, surfacing some of the most difﬁcult-to-detect bugs in our most complex PRs, while precision remained stable despite the increased coverage. It’s a bit faster than GPT-5.4 xhigh on our harness, and we’re lining it up for our heaviest review work at launch.For Genspark’s Super Agent, Claude Opus 4.7 nails the three production differentiators that matter most: loop resistance, consistency, and graceful error recovery. Loop resistance is the most critical. A model that loops indefinitely on 1 in 18 queries wastes compute and blocks users. Lower variance means fewer surprises in prod. And Opus 4.7 achieves the highest quality-per-tool-call ratio we’ve measured.Claude Opus 4.7 is a meaningful step up for Warp. Opus 4.6 is one of the best models out there for developers, and this model is measurably more thorough on top of that. It passed Terminal Bench tasks that prior Claude models had failed, and worked through a tricky concurrency bug Opus 4.6 couldn’t crack. For us, that’s the signal.Claude Opus 4.7 is the best model in the world for building dashboards and data-rich interfaces. The design taste is genuinely surprising—it makes choices I’d actually ship. It’s my default daily driver now.Claude Opus 4.7 is the most capable model we’ve tested at Quantium. Evaluated against leading AI models through our proprietary benchmarking solution, the biggest gains showed up where they matter most: reasoning depth, structured problem-framing, and complex technical work. Fewer corrections, faster iterations, and stronger outputs to solve the hardest problems our clients bring us.Claude Opus 4.7 feels like a real step up in intelligence. Code quality is noticeably improved, it’s cutting out the meaningless wrapper functions and fallback scaffolding that used to pile up, and ﬁxes its own code as it goes. It’s the cleanest jump we’ve seen since the move from Sonnet 3.7 to the Claude 4 series.For the computer-use work that sits at the heart of XBOW’s autonomous penetration testing, the new Claude Opus 4.7 is a step change: 98.5% on our visual-acuity benchmark versus 54.5% for Opus 4.6. Our single biggest Opus pain point effectively disappeared, and that unlocks its use for a whole class of work where we couldn’t use it before.Claude Opus 4.7 is a solid upgrade with no regressions for Vercel. It’s phenomenal on one-shot coding tasks, more correct and complete than Opus 4.6, and noticeably more honest about its own limits. It even does proofs on systems code before starting work, which is new behavior we haven’t seen from earlier Claude models.Claude Opus 4.7 is very strong and outperforms Opus 4.6 with a 10% to 15% lift in task success for Factory Droids, with fewer tool errors and more reliable follow-through on validation steps. It carries work all the way through instead of stopping halfway, which is exactly what enterprise engineering teams need.Claude Opus 4.7 autonomously built a complete Rust text-to-speech engine from scratch—neural model, SIMD kernels, browser demo—then fed its own output through a speech recognizer to verify it matched the Python reference. Months of senior engineering, delivered autonomously. The step up from Opus 4.6 is clear, and the codebase is public.Claude Opus 4.7 passed three TBench tasks that prior Claude models couldn’t, and it’s landing ﬁxes our previous best model missed, including a race condition. It demonstrates strong precision in identifying real issues, and surfaces important ﬁndings that other models either gave up on or didn’t resolve. In Qodo’s real-world code review benchmark, we observed top-tier precision.On Databricks’ OfﬁceQA Pro, Claude Opus 4.7 shows meaningfully stronger document reasoning, with 21% fewer errors than Opus 4.6 when working with source information. Across our agentic reasoning over data benchmarks, it is the best-performing Claude model for enterprise document analysis.For Ramp, Claude Opus 4.7 stands out in agent-team workﬂows. We’re seeing stronger role ﬁdelity, instruction-following, coordination, and complex reasoning, especially on engineering tasks that span tools, codebases, and debugging context. Compared with Opus 4.6, it needs much less step-by-step guidance, helping us scale the internal agent workﬂows our engineering teams run.Claude Opus 4.7 is measurably better than Opus 4.6 for Bolt’s longer-running app-building work, up to 10% better in the best cases, without the regressions we’ve come to expect from very agentic models. It pushes the ceiling on what our users can ship in a single session.Below are some highlights and notes from our early testing of Opus 4.7:Instruction following. Opus 4.7 is substantially better at following instructions. Interestingly, this means that prompts written for earlier models can sometimes now produce unexpected results: where previous models interpreted instructions loosely or skipped parts entirely, Opus 4.7 takes the instructions literally. Users should re-tune their prompts and harnesses accordingly.Improved multimodal support. Opus 4.7 has better vision for high-resolution images: it can accept images up to 2,576 pixels on the long edge (~3.75 megapixels), more than three times as many as prior Claude models. This opens up a wealth of multimodal uses that depend on ﬁne visual detail: computer-use agents reading dense screenshots, data extractions from complex diagrams, and work that needs pixel-perfect references.1Real-world work. As well as its state-of-the-art score on the Finance Agent evaluation (see table above), our internal testing showed Opus 4.7 to be a more effective ﬁnance analyst than Opus 4.6, producing rigorous analyses and models, more professional presentations, and tighter integration across tasks. Opus 4.7 is also state-of-the-art on GDPval-AA, a third-party evaluation of economically valuable knowledge work across ﬁnance, legal, and other domains.Memory. Opus 4.7 is better at using ﬁle system-based memory. It remembers important notes across long, multi-session work, and uses them to move on to new tasks that, as a result, need less up-front context.The charts below display more evaluation results from our pre-release testing, across a range of different domains:Overall, Opus 4.7 shows a similar safety proﬁle to Opus 4.6: our evaluations show low rates of concerning behavior such as deception, sycophancy, and cooperation with misuse. On some measures, such as honesty and resistance to malicious “prompt injection” attacks, Opus 4.7 is an improvement on Opus 4.6; in others (such as its tendency to give overly detailed harm-reduction advice on controlled substances), Opus 4.7 is modestly weaker. Our alignment assessment concluded that the model is “largely well-aligned and trustworthy, though not fully ideal in its behavior”. Note that Mythos Preview remains the best-aligned model we’ve trained according to our evaluations. Our safety evaluations are discussed in full in the Claude Opus 4.7 System Card.Overall misaligned behavior score from our automated behavioral audit. On this evaluation, Opus 4.7 is a modest improvement on Opus 4.6 and Sonnet 4.6, but Mythos Preview still shows the lowest rates of misaligned behavior.In addition to Claude Opus 4.7 itself, we’re launching the following updates:More effort control: Opus 4.7 introduces a new xhigh (“extra high”) effort level between high and max, giving users ﬁner control over the tradeoff between reasoning and latency on hard problems. In Claude Code, we’ve raised the default effort level to xhigh for all plans. When testing Opus 4.7 for coding and agentic use cases, we recommend starting with high or xhigh effort.On the Claude Platform (API): as well as support for higher-resolution images, we’re also launching task budgets in public beta, giving developers a way to guide Claude’s token spend so it can prioritize work across longer runs.In Claude Code: The new /ultrareview slash command produces a dedicated review session that reads through changes and ﬂags bugs and design issues that a careful reviewer would catch. We’re giving Pro and Max Claude Code users three free ultrareviews to try it out. In addition, we’ve extended auto mode to Max users. Auto mode is a new permissions option where Claude makes decisions on your behalf, meaning that you can run longer tasks with fewer interruptions—and with less risk than if you had chosen to skip all permissions.Opus 4.7 is a direct upgrade to Opus 4.6, but two changes are worth planning for because they affect token usage. First, Opus 4.7 uses an updated tokenizer that improves how the model processes text. The tradeoff is that the same input can map to more tokens—roughly 1.0–1.35× depending on the content type. Second, Opus 4.7 thinks more at higher effort levels, particularly on later turns in agentic settings. This improves its reliability on hard problems, but it does mean it produces more output tokens. Users can control token usage in various ways: by using the effort parameter, adjusting their task budgets, or prompting the model to be more concise. In our own testing, the net effect is favorable—token usage across all effort levels is improved on an internal coding evaluation, as shown below—but we recommend measuring the difference on real trafﬁc. We’ve written a migration guide that provides further advice on upgrading from Opus 4.6 to Opus 4.7.Score on an internal agentic coding evaluation as a function of token usage at each effort level. In this evaluation, the model works autonomously from a single user prompt, and results may not be representative of token usage in interactive coding. See the migration guide for more on tuning effort levels.

...

Read the original on www.anthropic.com »

2 1,639 shares, 55 trendiness

Google Broke Its Promise to Me. Now ICE Has My Data.

In September 2024, Amandla Thomas-Johnson was a Ph. D. candidate studying in the U.S. on a student visa when he brieﬂy attended a pro-Palestinian protest. In April 2025, Immigration and Customs Enforcement (ICE) sent Google an administrative subpoena requesting his data. The next month, Google gave Thomas-Johnson’s information to ICE without giving him the chance to challenge the subpoena, breaking a nearly decade-long promise to notify users before handing their data to law enforcement.

Google names a handful of exceptions to this promise (such as if Google receives a gag order from a court) that do not apply to Thomas-Johnson’s case. While ICE “requested” that Google not notify Thomas-Johnson, the request was not enforceable or mandated by a court. Today, the Electronic Frontier Foundation sent complaints to the California and New York Attorneys General asking them to investigate Google for deceptive trade practices for breaking that promise. You can read about the complaints here. Below is Thomas-Johnson’s account of his ordeal.

I thought my ordeal with U. S. immigration authorities was over a year ago, when I left the country, crossing into Canada at Niagara Falls.

By that point, the Trump administration had effectively turned federal power against international students like me. After I attended a pro-Palestine protest at Cornell University—for all of ﬁve minutes—the administration’s rhetoric about cracking down on students protesting what we saw as genocide forced me into hiding for three months. Federal agents came to my home looking for me. A friend was detained at an airport in Tampa and interrogated about my whereabouts.

I’m currently a Ph. D. student. Before that, I was a reporter. I’m a dual British and Trinadad and Tobago citizen. I have not been accused of any crime.

I believed that once I left U. S. territory, I had also left the reach of its authorities. I was wrong.

Weeks later, in Geneva, Switzerland, I received what looked like a routine email from Google. It informed me that the company had already handed over my account data to the Department of Homeland Security.

At ﬁrst, I wasn’t alarmed. I had seen something similar before. An associate of mine, Momodou Taal, had received advance notice from Google and Facebook that his data had been requested. He was given advanced notice of the subpoenas, and law enforcement eventually withdrew them before the companies turned over his data.

Google had already disclosed my data without telling me.

I assumed I would be given the same opportunity. But the language in my email was different. It was ﬁnal: “Google has received and responded to legal process from a law enforcement authority compelling the release of information related to your Google Account.”

Google had already disclosed my data without telling me. There was no opportunity to contest it.

To be clear, this should not have happened this way. Google promises that it will notify users before their data is handed over in response to legal processes, including administrative subpoenas. That notice is meant to provide a chance to challenge the request. In my case, that safeguard was bypassed. My data was handed over without warning—at the request of an administration targeting students engaged in protected political speech.

Months later, my lawyer at the Electronic Frontier Foundation obtained the subpoena itself. On paper, the request focused largely on subscriber information: IP addresses, physical address, other identiﬁers, and session times and durations.

But taken together, these fragments form something far more powerful—a detailed surveillance proﬁle. IP logs can be used to approximate location. Physical addresses show where you sleep. Session times would show when you were communicating with friends or family. Even without message content, the picture that emerges is intimate and invasive.

What this experience has made clear is that anyone can be targeted by law enforcement. And with their massive stores of data, technology companies can facilitate those arbitrary investigations. Together, they can combine state power, corporate data, and algorithmic inference in ways that are difﬁcult to see—and even harder to challenge.

The consequences of what happened to me are not abstract. I left the United States. But I do not feel that I have left its reach. Being investigated by the federal government is intimidating. Questions run through your head. Am I now a marked individual? Will I face heightened scrutiny if I continue my reporting? Can I travel safely to see family in the Caribbean?

Who, exactly, can I hold accountable?

Update: This post has been updated to include more information about Google’s exceptions to their notiﬁcation policy, none of which applied to the subpoena targeting Thomas-Johnson.

...

Read the original on www.eff.org »

3 1,164 shares, 41 trendiness

Qwen Studio

...

Read the original on qwen.ai »

4 1,115 shares, 40 trendiness

Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into something malicious. It happened again. This time at a much larger scale.

Ricky from Improve & Grow emailed us about an alert he saw in the WordPress dashboard for a client site. The notice was from the WordPress.org Plugins Team, warning that a plugin called Countdown Timer Ultimate contained code that could allow unauthorized third-party access.

I ran a full security audit on the site. The plugin itself had already been force-updated by WordPress.org to version 2.6.9.1, which was supposed to clean things up. But the damage was already done.

The plugin’s wpos-analytics module had phoned home to analytics.essentialplugin.com, downloaded a backdoor ﬁle called wp-comments-posts.php (designed to look like the core ﬁle wp-comments-post.php), and used it to inject a massive block of PHP into wp-conﬁg.php.

The injected code was sophisticated. It fetched spam links, redirects, and fake pages from a command-and-control server. It only showed the spam to Googlebot, making it invisible to site owners. And here is the wildest part. It resolved its C2 domain through an Ethereum smart contract, querying public blockchain RPC endpoints. Traditional domain takedowns would not work because the attacker could update the smart contract to point to a new domain at any time.

CaptainCore keeps daily restic backups. I extracted wp-conﬁg.php from 8 different backup dates and compared ﬁle sizes. Binary search style.

The injection happened on April 6, 2026, between 04:22 and 11:06 UTC. A 6-hour 44-minute window.

I traced the plugin’s history through 939 quicksave snapshots. The plugin had been on the site since January 2019. The wpos-analytics module was always there, functioning as a legitimate analytics opt-in system for years.

Then came version 2.6.7, released August 8, 2025. The changelog said, “Check compatibility with WordPress version 6.8.2.” What it actually did was add 191 lines of code, including a PHP deserialization backdoor. The class-anylc-admin.php ﬁle grew from 473 to 664 lines.

The new code introduced three things:

A fetch_ver_info() method that calls ﬁle_get_contents() on the attacker’s server and passes the response to @unserialize()

A version_info_clean() method that executes @$clean($this->version_cache, $this->changelog) where all three values come from the unserialized remote data

That is a textbook arbitrary function call. The remote server controls the function name, the arguments, everything. It sat dormant for 8 months before being activated on April 5-6, 2026.

This is where it gets interesting. The original plugin was built by Minesh Shah, Anoop Ranawat, and Pratik Jain. An India-based team that operated under “WP Online Support” starting around 2015. They later rebranded to “Essential Plugin” and grew the portfolio to 30+ free plugins with premium versions.

By late 2024, revenue had declined 35-45%. Minesh listed the entire business on Flippa. A buyer identiﬁed only as “Kris,” with a background in SEO, crypto, and online gambling marketing, purchased everything for six ﬁgures. Flippa even published a case study about the sale in July 2025.

The buyer’s very ﬁrst SVN commit was the backdoor.

On April 7, 2026, the WordPress.org Plugins Team permanently closed every plugin from the Essential Plugin author. At least 30 plugins, all on the same day. Here are the ones I conﬁrmed:

* SlidersPack — All in One Image Sliders — sliderspack-all-in-one-image-sliders

All permanently closed. The author search on WordPress.org returns zero results. The analytics.essentialplugin.com endpoint now returns {“message”:“closed”}.

In 2017, a buyer using the alias “Daley Tias” purchased the Display Widgets plugin (200,000 installs) for $15,000 and injected payday loan spam. That buyer went on to compromise at least 9 plugins the same way.

The Essential Plugin case is the same playbook at a larger scale. 30+ plugins. Hundreds of thousands of active installations. A legitimate 8-year-old business acquired through a public marketplace and weaponized within months.

WordPress.org’s forced update added return; statements to disable the phone-home functions. That is a band-aid. The wpos-analytics module is still there with all its code. I built patched versions with the entire backdoor module stripped out.

I scanned my entire ﬂeet and found 12 of the 26 Essential Plugin plugins installed across 22 customer sites. I patched 10 of them (one had no backdoor module, one was a different “pro” fork by the original authors). Here are the patched versions, hosted permanently on B2:

# Countdown Timer Ultimate

wp plugin install https://plugins.captaincore.io/countdown-timer-ultimate-2.6.9.1-patched.zip –force

# Popup Anything on Click

wp plugin install https://plugins.captaincore.io/popup-anything-on-click-2.9.1.1-patched.zip –force

# WP Testimonial with Widget

wp plugin install https://plugins.captaincore.io/wp-testimonial-with-widget-3.5.1-patched.zip –force

# WP Team Showcase and Slider

wp plugin install https://plugins.captaincore.io/wp-team-showcase-and-slider-2.8.6.1-patched.zip –force

# WP FAQ (sp-faq)

wp plugin install https://plugins.captaincore.io/sp-faq-3.9.5.1-patched.zip –force

# Timeline and History Slider

wp plugin install https://plugins.captaincore.io/timeline-and-history-slider-2.4.5.1-patched.zip –force

# Album and Image Gallery plus Lightbox

wp plugin install https://plugins.captaincore.io/album-and-image-gallery-plus-lightbox-2.1.8.1-patched.zip –force

# SP News and Widget

wp plugin install https://plugins.captaincore.io/sp-news-and-widget-5.0.6-patched.zip –force

# WP Blog and Widgets

wp plugin install https://plugins.captaincore.io/wp-blog-and-widgets-2.6.6.1-patched.zip –force

# Featured Post Creative

wp plugin install https://plugins.captaincore.io/featured-post-creative-1.5.7-patched.zip –force

# Post Grid and Filter Ultimate

wp plugin install https://plugins.captaincore.io/post-grid-and-ﬁlter-ultimate-1.7.4-patched.zip –force

Each patched version removes the entire wpos-analytics directory, deletes the loader function from the main plugin ﬁle, and bumps the version to -patched. The plugin itself continues to work normally.

The process is straightforward with Claude Code. Point it at this article for context, tell it which plugin you need patched, and it can strip the wpos-analytics module the same way I did. The pattern is identical across all of the Essential Plugin plugins:

Delete the wpos-analytics/ directory from the plugin

Remove the loader function block in the main plugin PHP ﬁle (search for “Plugin Wpos Analytics Data Starts” or wpos_analytics_anl)

Two supply chain attacks in two weeks. Both followed the same pattern. Buy a trusted plugin with an established install base, inherit the WordPress.org commit access, and inject malicious code. The Flippa listing for Essential Plugin was public. The buyer’s background in SEO and gambling marketing was public. And yet the acquisition sailed through without any review from WordPress.org.

WordPress.org has no mechanism to ﬂag or review plugin ownership transfers. There is no “change of control” notiﬁcation to users. No additional code review triggered by a new committer. The Plugins Team responded quickly once the attack was discovered. But 8 months passed between the backdoor being planted and being caught.

If you manage WordPress sites, search your ﬂeet for any of the 26 plugin slugs listed above. If you ﬁnd one, patch it or remove it. And check wp-conﬁg.php.

...

Read the original on anchor.host »

5 1,105 shares, 38 trendiness

Introducing Claude Design by Anthropic Labs

Today, we’re launching Claude Design, a new Anthropic Labs product that lets you collaborate with Claude to create polished visual work like designs, prototypes, slides, one-pagers, and more.

Claude Design is powered by our most capable vision model, Claude Opus 4.7, and is available in research preview for Claude Pro, Max, Team, and Enterprise subscribers. We’re rolling out to users gradually throughout the day.

Even experienced designers have to ration exploration—there’s rarely time to prototype a dozen directions, so you limit yourself to a few. And for founders, product managers, and marketers with an idea but not a design background, creating and sharing those ideas can be daunting.

Claude Design gives designers room to explore widely and everyone else a way to produce visual work. Describe what you need and Claude builds a ﬁrst version. From there, you reﬁne through conversation, inline comments, direct edits, or custom sliders (made by Claude) until it’s right. When given access, Claude can also apply your team’s design system to every project automatically, so the output is consistent with the rest of your company’s designs.

Teams have been using Claude Design for:

* Realistic prototypes: Designers can turn static mockups into easily-shareable interactive prototypes to gather feedback and user-test, without code review or PRs.

* Product wireframes and mockups: Product Managers can sketch out feature ﬂows and hand them off to Claude Code for implementation, or share them with designers to reﬁne further.

* Design explorations: Designers can quickly create a wide range of directions to explore.

* Pitch decks and presentations: Founders and Account Executives can go from a rough outline to a complete, on-brand deck in minutes, and then export as a PPTX or send to Canva.

* Marketing collateral: Marketers can create landing pages, social media assets, and campaign visuals, then loop in designers to polish.

* Frontier design: Anyone can build code-powered prototypes with voice, video, shaders, 3D and built-in AI.

Your brand, built in. During onboarding, Claude builds a design system for your team by reading your codebase and design ﬁles. Every project after that uses your colors, typography, and components automatically. You can reﬁne the system over time, and teams can maintain more than one.

Import from anywhere. Start from a text prompt, upload images and documents (DOCX, PPTX, XLSX), or point Claude at your codebase. You can also use the web capture tool to grab elements directly from your website so prototypes look like the real product.

Reﬁne with ﬁne-grained controls. Comment inline on speciﬁc elements, edit text directly, or use adjustment knobs to tweak spacing, color, and layout live. Then ask Claude to apply your changes across the full design.

Collaborate. Designs have organization-scoped sharing. You can keep a document private, share it so anyone in your organization with the link can view it, or grant edit access so colleagues can modify the design and chat with Claude together in a group conversation.

Export anywhere. Share designs as an internal URL within your organization, save as a folder, or export to Canva, PDF, PPTX, or standalone HTML ﬁles.

Handoff to Claude Code. When a design is ready to build, Claude packages everything into a handoff bundle that you can pass to Claude Code with a single instruction.

Over the coming weeks, we’ll make it easier to build integrations with Claude Design, so you can connect it to more of the tools your team already uses.

Claude Design is available for Claude Pro, Max, Team, and Enterprise subscribers. Access is included with your plan and uses your subscription limits, with the option to continue beyond those limits by enabling extra usage.

For Enterprise organizations, Claude Design is off by default. Admins can enable it in Organization settings.

...

Read the original on www.anthropic.com »

6 1,066 shares, 40 trendiness

Robert Reese's Website

TLDR: Despite claiming to backup all your data, Backblaze quietly stopped backing up OneDrive and Dropbox folders - along with potentially many other things.

For ten years I have been using Backblaze for my personal computer backup. Before 2015 I would backup ﬁles to one of two large external hard discs. I then rotated these drives between, ﬁrst my father’s house, and after I moved to the UK, my ofﬁce drawers.

In 2015 Backblaze seemed like a good bet. Unlike Crashplan their software wasn’t a bloated Java app, but they did have unlimited storage. If you could cram it into your PC they would back it up. With their yearly Hard Drive reviews making good press, a lot of personal recommendations from my friends and colleagues, their service sounded great. I installed the software, ran it for several weeks, and sure enough my data was safely stored in their cloud.

I had further reason to be impressed when several years later one of my hard drives failed. I made use of their “send me a hard drive with my stuff on it service”. A drive turned up ﬁlled with my precious data. That for me was proof that this system worked, and that it worked well.

And so I recommended Backblaze for years. What do you do for backup? I would extoll the virtues of Backblaze, and they made many sales from such recommendations.

There were a few things I didn’t like. The app, could use a lot of memory, especially after doing a large import of photographs. The website, which I often used to restore single ﬁles or folders, was slow and clunky to use. The windows app in particular was clunky with an early 2000s aesthetic and cramped lists. There was the time they leaked all your ﬁlenames to Facebook, but they probably ﬁxed that.

But no matter, small problems for the peace of mind of having all my ﬁles backed up.

Backup software is meant to back up your ﬁles. Which ﬁles? Well the ﬁles you need. Given everyone is different, with different workﬂows and ﬁletypes, the ideal thing is to back up all your ﬁles. No backup provider knows what I will need in the future. The provider must plan accordingly.

My ﬁrst troubling discovery was in 2025, when I made several errors then did a push -f to GitHub and blew away the git history for a half decade old repo. No data was lost, but the log of changes was. No problem I thought, I’ll just restore this from Backblaze. Sadly it was not to be. At some point Backblaze had started to ignore .git folders.

This annoyed me. Firstly I needed that folder and Backblaze had let me down. Secondly within the Backblaze preferences I could ﬁnd no way to re-enable this. In fact looking at the list of exclusions I could ﬁnd no mention of .git whatsoever.

This made me wonder - I had checked the exclusions list when I installed Backblaze 9 years before, had I missed it? Had I missed anything else?

Well lesson learned I guess, but then a week ago I came across this thread on reddit: “Doesn’t back up Dropbox folder??”. A user was surprised to ﬁnd their Dropbox folder no longer being backed up. Alarmed I logged into Backblaze, and lo and behold, my OneDrive folder was missing.

Backblaze has one job, and apparently they are unable to do that job. Back up my stuff. But they have decided not to.

Lets take an aside.

A reasonable person might point out those ﬁles on OneDrive are already being backed up - by OneDrive! No. Dropbox and OneDrive are for ﬁle syncing - syncing your ﬁles to the cloud. They offer limited protection. OneDrive and Dropbox only retain deleted ﬁles for one month. Backblaze has one year ﬁle retention, or if you pay per GB, unlimited retention. While OneDrive retains version changes for longer, Dropbox only retains version changes for a month - again unless you pay for more. Your ﬁles are less secure and less backed up when you stick them in a cloud storage provider folder compared to just being on your desktop.

And that’s assuming your cloud provider is playing ball. If Microsoft or Dropbox bans your account you may ﬁnd yourself with no backup whatsoever.

For me the larger issue is they never told us. My OneDrive folder sits at 383GB. You would think that having decided to no longer back this up I might get an email, and alert or some other notiﬁcation. Of course not.

Nestled into their release notes under “Improvements” we see:

The Backup Client now excludes popular cloud storage providers from backup, including both mount points and cache directories. This prevents performance issues, excessive data usage, and unintended uploads from services like OneDrive, Google Drive, Dropbox, Box, iDrive, and others. This change aligns with Backblaze’s policy to back up only local and directly connected storage.

First, I would hardly call this change in policy an improvement, its hard to imagine anyone reading this as anything other than a downgrade in service. Secondly does Backblaze believe most of its users are reading their release notes?

And if you joined today and looked at their list of ﬁle exclusions you would ﬁnd no reference to Dropbox or OneDrive. No mention of Git either.

Here’s the thing, today they don’t back up Git or OneDrive. Who’s to say tomorrow they wont add to the list. Maybe some obscure ﬁle format that’s critical to your work ﬂow. Or they will ignore a ﬁle extension that just happens be the same as one used by your DAW or 3D Modelling software. And they won’t tell you this. They wont even list it on their site.

By deciding not to back up everything, Backblaze has made it as if they are backing up nothing.

But really this feels like a promise broken. Back in 2015 their website proudly proclaimed:

All user data included by default No restrictions on ﬁle type or size

Protect the digital memories and ﬁles that matter most to you.

File backup is a matter of trust. You are paying a monthly fee so that if and when things go wrong you can get your data back. By silently changing the rules, Backblaze has not simply eroded my trust, but swept it away.

I wrote this to warn you - Backblaze is no longer doing their part, they are no longer backing up your data. Some of your data sure, but not all of it.

Finally let me leave you with Backblaze’s own words from 2015:

They promised to simplify backup. They succeeded - they don’t even do the backup part anymore.

...

Read the original on rareese.com »

7 1,063 shares, 43 trendiness

DaVinci Resolve – Photo

The Photo page brings Hollywood’s most advanced color tools to still photography for the ﬁrst time! Whether you’re a professional colorist looking to apply your skills to fashion shoots and weddings, or a photographer who wants to work beyond the limits of traditional photo applications, the Photo page unlocks the tools you need. Start with familiar photo tools including white balance, exposure and primary color adjustments, then switch to the Color page for access to the full DaVinci color grading toolset trusted by Hollywood’s best colorists! You can use DaVinci’s AI toolset as well as Resolve FX and Fusion FX. GPU acceleration lets you export faster than ever before!

For photographers, the Photo page offers a familiar set of tools alongside DaVinci’s powerful color grading capabilities. It includes native RAW support for Canon, Fujiﬁlm, Nikon, Sony and even iPhone ProRAW. All image processing takes place at source resolution up to 32K, or over 400 megapixels, so you’re never limited to project resolution. Familiar basic adjustments including white balance, exposure, color and saturation give you a comfortable starting point. With non-destructive processing you can reframe, crop and re-interpret your original sensor data at any time. And with GPU acceleration, entire albums can be processed dramatically faster than conventional photo applications!

The Photo page Inspector gives you precise control over the transform and cropping parameters of your images. Reframe and crop non-destructively at the original source resolution and aspect ratio, so you’re never restricted to a ﬁxed timeline size! Zoom, position, rotate and ﬂip images with full transform controls and use the cropping parameters to trim the edges of any image with precision. Reframe a shot to improve composition, adjust for a speciﬁc ratio for print or social media use, or simply remove unwanted elements from the edges of a frame. All adjustments can be reﬁned or reset at any time without ever affecting the original source ﬁle!

DaVinci Resolve is the world’s only post production software that lets everyone work together on the same project at the same time! Built on a powerful cloud based workﬂow, you can share albums, all associated metadata and tags, as well as grades and effects with colorists, photographers and retouchers anywhere in the world. Blackmagic Cloud syncing keeps every collaborator with the latest version of your image library in real time, and remote reviewers can approve grades offsite without needing to be in the same room. Hollywood colorists can even grade live fashion shoots remotely, all while the photographer is still on set!

The Photo page gives you everything you need to manage your entire image library from import to completion. You can import photos directly, from your Apple Photos library or Lightroom, and organize them with tags, ratings, favorites and keywords for fast, ﬂexible management of even the largest libraries. It supports all standard RAW ﬁles and image types. AI IntelliSearch lets you instantly search across your entire project to ﬁnd exactly what you’re looking for, from objects to people to animals! Albums allow you to build and manage collections for any project and with a single click you can switch between your photo library and your color grading workﬂow!

Albums are a powerful way to build and manage photo collections directly in DaVinci Resolve. You can add images manually to each album or organize by date, camera, star rating, EXIF data and more. Powerful ﬁlter and sort tools give you total control over how your collection is arranged. The thumbnail view displays each image’s graded version alongside its ﬁle name and source clip format so you can see your grades at a glance. Create multiple grade versions of any image, all referencing the original source ﬁle, so you can explore different looks without ever duplicating a ﬁle. Plus, grades applied to one photo can be instantly copied across others in the album for a fast, consistent look!

Connect Sony or Canon cameras directly to DaVinci Resolve for tethered shooting with full live view! Adjust camera settings including ISO, exposure and white balance without leaving the page and save image capture presets to establish a consistent look before you shoot. Images can be captured directly into an album, with albums created automatically during capture so your library is perfectly organized from the moment you start shooting. Grade images as they arrive using DaVinci Resolve’s extensive color toolset and use a hardware panel for hands-on creative control in a collaborative shoot. That means you can capture, grade and organize an entire shoot without leaving DaVinci Resolve!

The Photo page gives you access to over 100 GPU and CPU accelerated Resolve FX and specialty AI tools for still image work. They’re organized by category in the Open FX library and cover everything from color effects, blurs and glows to image repair, skin reﬁnement and cinematic lighting tools. These are the same tools used by Hollywood colorists and VFX artists on the world’s biggest productions, now available for still images. To add an effect, drag it to any node. Whether you’re making subtle beauty reﬁnements for a fashion shoot or applying dramatic ﬁlm looks and atmospheric lighting effects emulating the looks of a Hollywood feature, the Photo page has the tools you need!

Magic Mask makes precise selections of subjects or backgrounds, while Depth Map generates a 3D map of your scene to separate foreground and background without manual masking. Use together to grade different depths of an image independently for results that have never before been possible for stills!

Add a realistic light source to any photo after capture with Relight FX. Relight analyzes the surfaces of faces and objects to reﬂect light naturally across the image. Combine with Magic Mask to light a subject independently from the background, turning ﬂat portraits into stunning fashion images!

Face reﬁnement automatically masks different parts of a face, saving countless hours of manual work. Sharpen eyes, remove dark circles, smooth skin, and color lips. Ultra Beauty separates skin texture from color for natural, high end results, while AI Blemish Removal handles fast skin repair!

The Film Look Creator lets you add cinematic looks that replicate ﬁlm properties like halation, bloom, grain and vignetting. Adjust exposure in stops and use subtractive saturation, richness and split tone controls to achieve looks usually found on the big screen, now for your still images!

AI SuperScale uses the DaVinci AI Neural Engine to upscale low resolution images with exceptional quality. The enhanced mode is specifically designed to remove compression artifacts, making it the perfect tool for rescaling low quality photos or frame grabs up to 4x their original resolution!

UltraNR is a DaVinci AI Neural Engine driven denoise mode in the Color page’s spatial noise reduction palette. Use it to dramatically reduce digital noise from an image while maintaining image clarity. Use with spatial noise reduction to smooth out digital grain or scanner noise while keeping ﬁne hair and eye edges sharp.

Sample an area of a scene to quickly cover up unwanted elements, like objects or even blemishes on a face. The patch replacer has a fantastic auto grading feature that will seamlessly blend the covered area with the surrounding color data. Perfect for removing sensor dust.

The Quick Export option makes it fast and easy to deliver ﬁnished images in a wide range of common formats including JPEG, PNG, HEIF and TIFF. Export either an entire album or just selected photos providing ﬂexibility to meet your speciﬁc delivery needs. You can set the resolution, bit depth, quality and compression to ensure your images are optimized for their intended use. Whether you’re exporting standalone images for print, sharing on social media platforms or delivering graded ﬁles to a client, Quick Export has you covered. All exports preserve your original photo EXIF metadata, so camera settings, location data and other important information always travels with your ﬁles.

The Photo page uses GPU accelerated processing to deliver fast, accurate results across your entire workﬂow. Process hundreds of RAW ﬁles in seconds with GPU accelerated decoding and apply Resolve FX to your images in real time. GPU acceleration also means batch exports and conversions are dramatically faster than conventional photo applications. On Mac, DaVinci Resolve is optimized for Metal and Apple Silicon, taking full advantage of the latest hardware. On Windows and Linux, you get CUDA support for NVIDIA GPUs, while the Windows version also features full OpenCL support for AMD, Intel and Qualcomm GPUs. All this ensures you get high performance results on any system!

Hollywood colorists have always relied on hardware panels to work faster and more creatively and now photographers can too! The DaVinci Resolve Micro Color Panel is the perfect companion for photo grading as it is compact enough to sit next to a laptop and portable enough to take on location for shoots. It features three high quality trackballs for lift, gamma and gain adjustments, 12 primary correction knobs for contrast, saturation, hue, temperature and more. It even has a built in rechargeable battery! DaVinci Resolve color panels let you adjust multiple parameters at once, so you can create looks that are simply impossible with a mouse and keyboard.

Hollywood’s most popular solution for editing, visual effects, motion graphics, color correction and audio post production, for Mac, Windows and Linux. Now supports Blackmagic Cloud for collaboration!

The most powerful DaVinci Resolve adds DaVinci Neural Engine for automatic AI region tracking, stereoscopic tools, more Resolve FX ﬁlters, more Fairlight FX audio plugins and advanced HDR grading.

Includes large search dial in a design that includes only the speciﬁc keys needed for editing. Includes Bluetooth with battery for wireless use so it’s more portable than a full sized keyboard!

Editor panel specifically designed for multi-cam editing for news cutting and live sports replay. Includes buttons to make camera selection and editing extremely fast! Connects via Bluetooth or USB‑C.

Full sized traditional QWERTY editor keyboard in a premium metal design. Featuring a metal search dial with clutch, plus extra edit, trim and timecode keys. Can be installed inset for ﬂush mounting.

Powerful color panel gives you all the control you need to create cinematic images. Includes controls for reﬁned color grading including adding windows. Connects via Bluetooth or USB‑C.

Portable DaVinci color panel with 3 high resolution trackballs, 12 primary corrector knobs and LCDs with menus and buttons for switching tools, adding color nodes, HDR and secondary grading and more!

Designed in collaboration with professional Hollywood colorists, the DaVinci Resolve Advanced Panel features a massive number of controls for direct access to every DaVinci color correction feature.

Portable audio control surface includes 12 premium touch sensitive ﬂying faders, channel LCDs for advanced processing, automation and transport controls plus HDMI for an external graphics display.

Get incredibly fast audio editing for sound engineers working on tight deadlines! Includes LCD screen, touch sensitive control knobs, built in search dial and full keyboard with multi function keys.

Used by Hollywood and broadcasters, these large consoles make it easy to mix large projects with a massive number of channels and tracks. Modular design allows customizing 2, 3, 4, or 5 bay consoles!

Fairlight studio console legs at 0º angle for when you require a ﬂat working surface. Required for all Fairlight Studio Consoles.

Fairlight studio console legs at 8º angle for when you require a slightly angled working surface. Required for all Fairlight Studio Consoles.

Features 12 motorized faders, rotary control knobs illuminated buttons for pan, solo, mute and call, plus bank select buttons.

12 groups of touch sensitive rotary control knobs and illuminated buttons, assignable to fader strips, single channel or master bus.

Get quick access to virtually every Fairlight feature! Includes a 12” LCD, graphical keyboard, macro keys, transport controls and more.

Features HDMI, SDI inputs for video and computer monitoring and Ethernet for graphics display of channel status and meters.

Empty 2 bay Fairlight studio console chassis that can be populated with various faders, channel controls, edit and LCD monitors.

Empty 3 bay Fairlight studio console chassis that can be populated with various faders, channel controls, edit and LCD monitors.

Empty 4 bay Fairlight studio console chassis that can be populated with various faders, channel controls, edit and LCD monitors.

Empty 5 bay Fairlight studio console chassis that can be populated with various faders, channel controls, edit and LCD monitors.

Use alternative HDMI or SDI televisions and monitors when building a Fairlight studio console.

Mounting bar with locating pins to allow correct alignment of bay modules when building a custom 2 bay Fairlight console.

Mounting bar with locating pins to allow correct alignment of bay modules when building a custom 3 bay Fairlight console.

Mounting bar with locating pins to allow correct alignment of bay modules when building a custom 4 bay Fairlight console.

Mounting bar with locating pins to allow correct alignment of bay modules when building a custom 5 bay Fairlight console.

Side arm kit mounts into Fairlight console mounting bar and holds each fader, channel control and LCD monitor module.

Blank 1/3rd wide bay for building a custom console with the extra 1/3rd section. Includes blank inﬁll panels.

Allows mounting standard 19 inch rack mount equipment in the channel control area of the Fairlight studio console.

Blank panel to ﬁll in the channel control area of the Fairlight studio console.

Blank panel to ﬁll in the LCD monitor area of the Fairlight studio console when you’re not using the standard Fairlight LCD monitor.

Blank panel to ﬁll in the fader control area of the Fairlight studio console.

Adds 3 MADI I/O connections to the single MADI on the accelerator card, for a total of 256 inputs and outputs at 24 bit and 48kHz.

Add up to 2,000 tracks with real time processing of EQ, dynamics, 6 plug‑ins per track, plus MADI for extra 64 inputs and outputs.

Adds analog and digital connections, preamps for mics and instruments, sample rate conversion and sync at any standard frame rate.

...

Read the original on www.blackmagicdesign.com »

8 941 shares, 39 trendiness

Stop Flock

Flock Safety markets AI surveillance that goes far beyond reading license plates; color, bumper stickers, dents, and other features are used to build databases and identify movement patterns. These systems are spreading rapidly, often without oversight, and are accessible to police without a warrant. They raise serious privacy and legal concerns, and contribute to a nationwide trend toward mass surveillance.

While this and other systems like it claim to reduce crime, there is little evidence to support that claim - and significant risk of abuse. Real public safety comes from investing in communities, not stalking them.

Flock Safety markets its devices as “AI-powered precision policing technology” - far beyond basic license plate readers (ALPRs) (Flock Safety). The system uses AI to create a “Vehicle Fingerprint” - identifying cars not only by license plate, but also by color, make and model, roof racks, dents/damage, wheel type, and more. Even bumper sticker placement is analyzed. This lets law enforcement search for a “blue sedan with damage on the left side” even without a license plate.

But the surveillance goes deeper. Using a feature called “Convoy Analysis”, the system can detect vehicles that frequently appear near each other - suggesting associations between drivers or accomplices. The platform can also ﬂag vehicles that routinely travel to the same locations across time. Flock describes this as a way to “identify suspect vehicles traveling together” or “pinpoint associates” - functionality conﬁrmed in both their marketing and police testimonials (GovTech, ACLU).

The data is logged and made searchable across a nationwide law enforcement network - which ofﬁcers in subscribing agencies can access without a warrant. According to Flock, the system can automatically ﬂag a vehicle based on its history, route, or presence in multiple locations linked to a crime (Flock HOA Marketing).

While these tools may aid in locating stolen cars or missing persons, they also create a detailed record of everyone’s movements, associations, and routines. That data has already been misused - like when a Kansas police chief used Flock cameras 228 times to stalk an ex-girlfriend and her new partner without cause (Local12).

The scope of this tracking becomes clear when you see real-world examples. In 2025, a journalist drove 300 miles across rural Virginia and was captured by nearly 50 surveillance cameras operated by 15 different law enforcement agencies. When he requested his own surveillance footage, he discovered the cameras had documented patterns that made his behavior “predictable to anyone looking at it.” Most troubling: while the journalist couldn’t remember speciﬁc dates he’d made certain trips, police would know instantly - without any warrant or suspicion of wrongdoing (Cardinal News).

GitHub Stacked PRs

Large pull requests are hard to review, slow to merge, and prone to conﬂicts. Reviewers lose context, feedback quality drops, and the whole team slows down. Stacked PRs solve this by breaking big changes into a chain of small, focused pull requests that build on each other — each one independently reviewable.

A stack is a series of pull requests in the same repository where each PR targets the branch of the PR below it, forming an ordered chain that ultimately lands on your main branch.

GitHub understands stacks end-to-end: the pull request UI shows a stack map so reviewers can navigate between layers, branch protection rules are enforced against the ﬁnal target branch (not just the direct base), and CI runs for every PR in the stack as if they were targeting the ﬁnal branch.

While the gh stack CLI makes the local workﬂow seamless, it is entirely optional. You can create and manage Stacked PRs directly via the GitHub UI, the API, or your standard Git workﬂow. If you choose to use the CLI, it handles creating branches, managing rebases, pushing to GitHub, and creating PRs with the correct base branches. On GitHub, the PR UI gives reviewers the context they need — a stack map for navigation, focused diffs for each layer, and proper rules enforcement.

When you’re ready to merge, you can merge all or a part of the stack. Each PR can be merged directly or through the merge queue. If you want to merge multiple PRs at once (e.g., the bottom two PRs in a stack), simply wait for CI to pass on those speciﬁc layers, and you can merge them in a single step. After a merge, the remaining PRs in the stack are automatically rebased so the lowest unmerged PR targets the updated base branch.

Ready to dive in? Start with the Quick Start guide or read the full overview.

...

Read the original on github.github.com »

10 847 shares, 35 trendiness

Introducing a new spam policy for "back button hijacking"

Today, we are expanding our spam policies

to address a deceptive practice known as “back button hijacking”, which will become an explicit violation of the “malicious practices” of spam policies, leading to potential spam actions.

When a user clicks the “back” button in the browser, they have a clear expectation: they want to return to the previous page. Back button hijacking breaks this fundamental expectation. It occurs when a site interferes with a user’s browser navigation and prevents them from using their back button to immediately get back to the page they came from. Instead, users might be sent to pages they never visited before, be presented with unsolicited recommendations or ads, or are otherwise just prevented from normally browsing the web.

Why are we taking action?

We believe that the user experience comes ﬁrst. Back button hijacking interferes with the browser’s functionality, breaks the expected user journey, and results in user frustration. People report feeling manipulated and eventually less willing to visit unfamiliar sites. As we’ve stated before, inserting deceptive or manipulative pages into a user’s browser history has always been against our Google Search Essentials.

We’ve seen a rise of this type of behavior, which is why we’re designating this an explicit violation of our malicious practices

policy, which says:

Malicious practices create a mismatch between user expectations and the actual outcome,

leading to a negative and deceptive user experience, or compromised user security or privacy.

Pages that are engaging in back button hijacking may be subject to manual spam actions

or automated demotions, which can impact the site’s performance in Google Search results. To give site owners time to make any needed changes, we’re publishing this policy two months in advance of enforcement on June 15, 2026.

What should site owners do?

Ensure you are not doing anything to interfere with a user’s ability to navigate their browser history.

If you’re currently using any script or technique that inserts or replaces deceptive or manipulative pages into a user’s browser history that prevents them from using their back button to immediately get back to the page they came from, you are expected to remove or disable it.

Notably, some instances of back button hijacking may originate from the site’s included libraries or advertising platform. We encourage site owners to thoroughly review their technical implementation and remove or disable any code, imports or any conﬁgurations that are responsible for back button hijacking, to ensure a helpful and non-deceptive experience for users.

If your site has been impacted by a manual action and you have ﬁxed the issue, you can always let us know by submitting a reconsideration request

in Search Console. For questions or feedback, feel free to reach out on social media or discuss in our help community.

...

Read the original on developers.google.com »

To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".

10HN is also available as an iOS App

If you visit 10HN only rarely, check out the the best articles from the past week.

If you like 10HN please leave feedback and share

Visit pancik.com for more.