Supply chain attacks, deep work science, evolving developer skills, Node.js benchmarks, and more.


SitePoint Source

Welcome, Developers! 👋

State-sponsored hackers exploited Notepad++ through multiple vulnerability chains, while research confirms developers max out at 4 hours of quality coding time. As AI handles more execution work, we examine what skills developers actually need now, how GitHub plans to filter low-quality contributions, and Node.js performance evolution across nine major versions.

From our sponsor: Granola

Ever had a meeting where a random bot joins the call and, suddenly, everyone’s distracted?

Granola works differently. There are no meeting bots. Nothing joins your call.


Granola transcribes directly from your device’s audio (on your computer or your iPhone). It works with any meeting tool: Zoom, Google Meet, Microsoft Teams … and even for in-person conversations.


Try Granola on your next meeting and see how much easier it is to stay present. Use code SITEPOINT to get one month free.

Try it free

🔖 The Reading Room

Articles we have hand-picked for you:

Notepad++ Hijacked by State-Sponsored Hackers

Cybercriminals used three different execution chains over four months to compromise Notepad++ users. Chain #1 exploited a ProShow software vulnerability to deliver Cobalt Strike, Chain #2 used Lua scripts for shellcode execution, and Chain #3 deployed the Chrysalis backdoor via DLL sideloading. All three chains systematically collected system information and uploaded it to attacker-controlled servers before deploying final payloads.

By Georgy Kucherin & Anton Kargin →

You can code only 4 hours per day. Here’s why.

For developers, flow is the difference between tedium and breakthroughs. But reaching flow requires 15-25 minutes of uninterrupted time just to begin, and a single meeting can destroy an entire afternoon's potential for deep work. 3-4 hours is your daily maximum for deep, focused coding work. Beyond this threshold, quality and focus naturally decline, regardless of effort or willpower.

By Dr Milan Milanović →

Being “Just a Developer” Isn’t Enough Anymore

As AI tools rapidly handle more technical execution, developers must evolve beyond writing code to stay competitive. Understanding business domains, thinking like product owners, and building your own projects are now essential skills that AI can't replicate.

By Amas →

Exploring Solutions to Tackle Low-Quality Contributions on GitHub

GitHub is looking to address the low-quality, often AI-generated pull requests that are overwhelming maintainers. Short-term solutions include configurable PR permissions and PR deletion. Long-term plans involve enhanced permission models, AI-based sorting, and better transparency for AI-assisted contributions.

On GitHub Community →

Node.js 16 to 25 Performance Benchmarks

RepoFlow conducted rigorous performance testing across 20 Node.js versions (16.0.0 through 25.3.0) on Apple M4 hardware. Each test ran five times with median throughput reported, and the system cooled between runs to avoid thermal bias. The benchmarks show consistent improvements in JSON operations, HTTP request handling, and SHA-256 hashing across versions 16 to 25.

By RepoFlow Team →

⏳ Back in Time

Most clicks from last newsletter:

🔗 The Link Lounge

Unordered finds from around the web:

Find something cool? You can send us links to feature here via email.

🧰 The Toolbox

Tools and products we're excited about today:

OpenClaw

OpenClaw is an open-source AI agent platform that runs locally on your machine. It integrates with chat apps like WhatsApp, Telegram, and Discord. Your data stays on your infrastructure, not external servers.

Learn more →

Dash

Dash is a self-learning data agent grounded in six context layers. It improves automatically through error patterns and fixes. Inspired by OpenAI's in-house implementation.

Learn more →

Codex app

Codex app for macOS can manage multiple AI coding agents simultaneously. It runs agents in parallel and is available for users on a paid ChatGPT plan.

Learn more →

Apptron

Apptron is a local-first development platform. It runs Alpine Linux in your browser with VSCode. No cloud required. Use it for development, AI experiments, or publishing sites.

Learn more →

🎤 Your Voice

Your feedback shapes what comes next! We read every email, so simply hit reply and tell us what's on your mind.