If your week was a blur of stand-ups and sprint reviews, we’ve got you covered with this week’s essential updates for developers, sysadmins and security teams. Grab a coffee, skim the highlights and keep your stack one step ahead.

Firefox 140 – Critical CVEs Squashed

Mozilla has released Firefox 140, addressing several high-impact vulnerabilities. Notable fixes include:

• CVE-2025-6424: Use-after-free in FontFaceSet, potentially exploitable for crashes or code execution.
• CVE-2025-6425: Persistent UUID exposure via the WebCompat extension.
• CVE-2025-6426: Missing executable warning on macOS.
• Additional issues affecting Android and developer tools.

Action: Update Firefox to version 140 as soon as possible to mitigate these risks.

Rust 1.88.0: Naked Functions & Smarter Syntax

Rust 1.88.0 is now stable, introducing:

• Naked Functions: Full control over function assembly, ideal for low-level and embedded development.
• Let Chains: More ergonomic conditional logic with let statements inside if and while conditions, available in the Rust 2024 edition.

These features improve both performance tuning and code clarity for advanced Rust users.

GitHub Copilot “Coding Agent” Public Preview

GitHub Copilot’s new “coding agent” is now in public preview for Copilot Pro users. This agent can offload multi-step coding tasks directly within VS Code or Visual Studio, streamlining complex workflows and boosting productivity.

Node.js v24 & v22: Security Releases Out – Update Images

Security updates are available for Node.js versions 24.x, 23.x, 22.x, and 20.x. The most critical fix addresses a vulnerability in async cryptographic operations (CVE-2025-23166) that could allow remote process crashes. All users tracking Current or LTS should update their images immediately to stay protected.

NVIDIA AIStore: Kubernetes Privilege Escalation Patch

A new patch is available for NVIDIA AIStore on Kubernetes, addressing CVE-2025-23260. This vulnerability allowed users to gain elevated cluster access via incorrect privilege assignment in the AIS Operator’s ServiceAccount. Update your AIStore containers to close this privilege escalation risk.

Copilot Chat: Improved Attachments & Context

GitHub Copilot Chat now supports larger context windows and improved attachment handling in public preview. These enhancements make it easier to reference and discuss code, files, and issues within your team.

Stay secure and productive – update your tools and dependencies today!