1. iTerm2 vulnerability discovery allows arbitrary code execution
Security researchers have disclosed a vulnerability in iTerm2 that allows arbitrary code execution when users print malicious file contents to the terminal, for example by running `cat readme.txt`. The exploit abuses iTerm2's SSH integration feature by tricking the terminal into communicating with a fake remote conductor script via terminal escape sequences. A patch has been committed to the project repository but has not yet reached stable releases. Developers should exercise caution when printing untrusted file contents to the terminal until the update is widely distributed.
2. Anthropic launches Claude Design
Anthropic has launched Claude Design, a dedicated application powered by the new Claude Opus 4.7 vision model. The tool allows users to generate UI prototypes, website designs, and presentations using text prompts and inline editing controls. Developers can export these designs to standard formats or pass the packaged bundle directly to Claude Code for implementation. The product is currently rolling out to Pro, Max, Team, and Enterprise subscribers.
3. Qwen releases Qwen3.6-35B-A3B Vision-Language Model
The Qwen team has open-sourced Qwen3.6-35B-A3B, a sparse Mixture-of-Experts vision-language model featuring 35 billion total parameters and 3 billion active parameters. The model includes agentic coding capabilities and achieves high recovery rates on standard benchmarks like GSM8K. Red Hat AI has simultaneously released an NVFP4 quantized checkpoint using LLM Compressor for immediate deployment. This early release provides developers with a highly capable, efficient model for local or cloud-based coding and vision tasks.
4. Smol machines tool release for portable virtual machines
Smol machines is a new CLI tool that enables developers to manage and run custom Linux virtual machines locally with sub-second cold starts. The tool packages stateful VMs into single portable files that can run on macOS or Linux without requiring a Docker daemon. It provides hardware-isolated sandboxing with opt-in networking, making it highly suitable for safely executing untrusted AI-generated code. The system uses elastic memory allocation via virtio ballooning to minimize host resource consumption.
5. NIST CVE policy change limits vulnerability enrichment
The National Institute of Standards and Technology (NIST) has announced it will limit metadata enrichment in the National Vulnerability Database to only high-priority security flaws. Going forward, NIST will only enrich CVEs listed in the CISA Known Exploited Vulnerabilities catalog, software used by federal agencies, and designated critical software like operating systems and firewalls. This policy change leaves thousands of lower-priority vulnerabilities without enriched metadata. Developers relying on automated dependency scanning tools may need to adjust their security pipelines to account for missing vulnerability details.
6. Windsurf 2.0 release adds Agent Command Center and Devin integration
Windsurf 2.0 has launched with a new Agent Command Center and native integration with the Devin autonomous software engineering agent. The update introduces a Kanban-style interface for managing both local and cloud-based agent sessions, allowing developers to track progress and unblock tasks. Users can now delegate complex debugging, testing, and deployment workflows to a cloud-based Devin VM directly from the editor. Access to Devin is included with all Windsurf plans and is rolling out gradually to users.
7. NanoClaw and Vercel launch agentic policy tools
NanoClaw and Vercel have partnered to release a standardized, infrastructure-level approval system for autonomous AI agents. The framework replaces the need to grant agents raw API keys and broad permissions by introducing structured policy settings and approval dialogs. This system integrates across 15 messaging apps, allowing developers to safely deploy agents for tasks like cloud infrastructure management without risking unauthorized actions. The release provides a safer path for moving agents out of restricted sandboxes and into production environments.
8. Fish Audio releases S2 Pro text-to-speech model
Fish Audio has released S2 Pro, a new open-weights text-to-speech model featuring multi-speaker and multi-turn generation capabilities. The model supports inline prosody and emotion control using natural language tags like [whisper] or [laughing]. It processes 51 characters per second and is available via a hosted API priced at $15 per million characters. Developers can also self-host the model using the weights and fine-tuning code published on Hugging Face.
9. Perplexity launches Personal Computer platform
Perplexity has begun rolling out "Personal Computer," an AI platform designed to act as an OS-level orchestrator for complex workflows. The system integrates with local files, native applications, and web research to autonomously evaluate reasoning paths and complete multi-step goals. It operates within a secure, sandboxed environment that includes auditable actions and a user kill switch. The limited-access rollout is currently prioritized for Perplexity Max subscribers and optimized for Mac mini environments.