Cloudflare CSO details Claude Mythos exploit chain construction and adversarial review capabilities

Cloudflare's CSO published findings from Project Glasswing, Anthropic's initiative giving select companies access to Claude Mythos for defensive security research. Key capabilities demonstrated include exploit chain construction (chaining primitives like use-after-free bugs into full system takeovers), proof generation (writing and running code to verify exploitability), and adversarial review (running two agents in deliberate disagreement to improve accuracy). The newsletter also covers npm package compromises, Julia Evans moving away from Tailwind, Andrej Karpathy joining Anthropic, and a JavaScript destructuring trick for grabbing first and last array elements.

Google proposes WebMCP standard in Chrome 149 to expose web app capabilities to AI agents

Google's I/O 2026 announcements focus on making the web ready for AI agents. Key highlights include WebMCP, an emerging open standard being trialed in Chrome 149 that lets websites expose JavaScript functions and capabilities directly to AI agents (supported by brands like Shopify, Booking.com, and Expedia). Chrome DevTools now has a 1.0 agent integration allowing coding agents to directly access console logs, network traffic, and accessibility trees. Google also introduced Modern Web Guidance, a set of skills for AI coding agents tied to the Web Platform Baseline. Additionally, the HTML-in-Canvas API is proposed as a new standard enabling real DOM elements to be rendered and manipulated inside canvas elements with WebGL/WebGPU, enabling richer 3D web UIs.

Storybook 10.4 ships AI agent auto-configuration and TanStack React support

Storybook 10.4 ships several notable features: AI agents can now automatically configure Storybook in complex apps by analyzing project structure, generating mocks, and writing stories; a new sidebar change detection filter highlights stories affected by recent code changes; a quick-share button publishes Storybook to Chromatic for instant teammate review without needing a PR or CI run. The release also adds first-class TanStack React framework support via @storybook/tanstack-react with zero-config routing and server functions, an improved opinionated React Native setup using a standalone entry point, and an experimental react-component-meta docgen analyzer powered by Volar and the TypeScript Language Server for faster, higher-quality MCP metadata.

New Shai-Hulud wave hits 639 npm package versions targeting @antv ecosystem with Sigstore abuse

A new wave of the Shai-Hulud supply-chain campaign published 639 malicious versions across 323 npm packages in roughly one hour on May 19, primarily targeting the @antv ecosystem (charting, graph, and mapping libraries). The malware steals GitHub, npm, cloud, Kubernetes, Docker, and SSH credentials from developer workstations and CI/CD environments, exfiltrating them over the Session P2P network using AES-256-GCM encryption to evade detection. A notable new capability allows the malware to generate valid Sigstore provenance attestations by abusing OIDC tokens from compromised CI environments, making malicious packages appear legitimately signed. The variant also establishes persistence via backdoors in VS Code and Claude Code configurations, and self-propagates by injecting payloads into other packages owned by compromised accounts. Over 2,900 rogue GitHub repositories have been identified as exfiltration targets. Developers who installed affected packages should downgrade to pre-May 18 versions and immediately rotate all credentials.

Chrome 148 ships declarative partial updates with out-of-order HTML streaming APIs

Chrome 148 introduces two new web platform APIs under the Declarative Partial Updates initiative. The first enables out-of-order HTML streaming using processing instructions (`<?marker>`, `<?start>`, `<?end>`) as placeholders and `<template for>` elements to fill them, enabling island architecture and deferred content delivery without JavaScript. The second is a revamped suite of static and streaming JavaScript HTML insertion methods (`setHTML`, `streamHTML`, `appendHTML`, `streamAppendHTML`, etc.) with consistent naming, sanitizer support, and Streams API integration. Both APIs have polyfills available on npm. Together they allow SPA-style partial page updates driven by streamed HTML, reducing reliance on heavy JavaScript frameworks for dynamic content.

Shopify launches Next Generation Events in developer preview with field-level webhook triggers

Shopify has launched Next Generation Events in developer preview, offering a more granular and flexible alternative to traditional webhooks. Key features include field-level triggers so subscriptions only fire when specific fields change (e.g., only on price updates, not title edits), custom payload definitions via Admin GraphQL queries to avoid over-fetching, explicit `fields_changed` metadata in every delivery, state-based filtering with `query_filter`, and configuration-as-code via `shopify.app.toml`. Currently available in the `unstable` API version with Product and Customer topics live. The feature eliminates the need to diff state or make follow-up API calls after a webhook lands.

Vite 8 ships with Rolldown as sole bundler delivering up to 8x faster builds

Vite 8.0 ships with its most significant architectural change since version 2: replacing the dual esbuild/Rollup bundler setup with Rolldown, a single unified Rust-based bundler. Real-world build time improvements range from 57% to 8x faster, with some projects dropping from 46 seconds to 6 seconds. The release maintains full plugin API compatibility and includes a built-in compatibility layer for migrating esbuild and Rollup options. Additional improvements include native tsconfig paths support, emitDecoratorMetadata support, browser console forwarding, and a new plugin-react v6 that swaps Babel for Oxc. A known compatibility issue exists with Yarn PnP on Windows. Vite 8 is positioned as a framework-agnostic alternative to Turbopack, downloaded over 65 million times weekly.

Compromised atool npm account delivers credential stealer across 24 packages including timeago.js

The npm account 'atool' (associated with GitHub user hustcc) was compromised, leading to malicious releases across 24 packages in a 10-minute window on May 19, 2026. The attacker targeted high-download packages including timeago.js (1.5M+ weekly downloads) and the AntV visualization ecosystem (packages like @antv/g6, @antv/g2, @antv/l7). The malicious code functions as a CI/CD credential stealer, targeting environments like GitHub Actions, GitLab CI, and Kubernetes-hosted pipelines that hold elevated cloud credentials. Affected packages are widely used in data engineering pipelines, financial dashboards, and enterprise React/Vue/Angular front-end builds.

Nx Console VS Code extension with 2.2M installs compromised with credential-stealing payload

Nx Console VS Code extension (nrwl.angular-console), with over 2.2 million installs, was compromised in version 18.95.0. The malicious version was published outside the normal CI/CD pipeline using likely stolen credentials, injecting code that runs an obfuscated ~498 KB JavaScript payload on every workspace activation. The payload is a sophisticated multi-stage credential stealer targeting GitHub, NPM, AWS, Kubernetes, SSH keys, and more, with three exfiltration channels including DNS tunneling. It also includes persistence mechanisms, CI/CD targeting, and Sigstore attestation forgery capabilities. This is the second supply chain attack against the Nx ecosystem in under a year. Affected users should update to 18.100.0 immediately, check for persistence artifacts, and rotate all credentials.

Firefox 151 ships Document Picture-in-Picture API and local profile backups

<p>Firefox 151 is out, and it’s a reasonably substantial monthly release. Here’s what’s new.</p>
<h2>Document Picture-in-Picture API</h2>
<p>The headline addition is support for the Document Picture-in-Picture API, which lets web pages open always-on-top floating windows populated with arbitrary HTML content. The obvious use case is custom video conferencing controls — think a persistent call toolbar that stays visible while you switch tabs.</p>
<h2>PDF viewer gets merge support</h2>
<p>The built-in PDF viewer can now merge multiple PDFs together. Nothing fancy, but genuinely useful if you’ve been bouncing between external tools for this.</p>
<h2>Refreshed New Tab page</h2>
<p>The New Tab page has been renamed Firefox Home and got a visual refresh. The search bar is now a rounded pill shape, borrowing from Mozilla’s upcoming Nova redesign. There are also new background options if you like customizing that sort of thing.</p>
<h2>Private Browsing improvements</h2>
<p>Private Browsing Mode now has a flame button that clears and restarts your session without closing the window. Small addition, but it makes private browsing feel more intentional.</p>
<h2>Profile backups on Linux</h2>
<p>Local profile backups with cross-platform restore support now work on Linux and macOS. Useful if you’ve ever lost a profile and wished you had a fallback.</p>
<h2>Fingerprinting protection and VPN updates</h2>
<p>Fingerprinting protection has been improved under Standard Enhanced Tracking Protection. Firefox VPN users also get a new option to control their apparent location.</p>
<h2>Settings page</h2>
<p>The Settings page has a more compact layout. Not exciting, but worth knowing if something looks different.</p>
<h2>What didn’t make it</h2>
<p>The native JPEG-XL decoder was pushed to Firefox 152.</p>


Firefox 151 introduces the Document Picture-in-Picture API for always-on-top floating HTML windows, PDF merging in the built-in viewer, a refreshed New Tab page renamed Firefox Home with a pill-shaped search bar, a flame button for clearing Private Browsing sessions, Linux/macOS profile backup support, improved fingerprinting protection, and a more compact Settings layout. The native JPEG-XL decoder was deferred to Firefox 152.