Tech Digest: Claude Sonnet 4.6 Drops, KDE Plasma 6.6 Ships, and Your VSCode Extensions Might Be Compromised

Happy Wednesday, nerds. ☕ Big day in the model wars — Anthropic dropped a new Sonnet that's punching way above its weight class, KDE shipped a meaty Plasma release, and some VSCode extensions you probably have installed are quietly terrifying. Let's get into it.

🤖 AI & Machine Learning

Anthropic Launches Claude Sonnet 4.6 — Opus-Level Performance at Sonnet Prices

Anthropic just shipped Sonnet 4.6 and it's a serious upgrade. The new model matches or beats November's Opus 4.5 on most benchmarks — coding, computer use, long-context reasoning, agent planning — while staying at Sonnet pricing ($3/$15 per million tokens). It also gets a 1M token context window in beta. Early-access developers reportedly preferred it over Opus 4.5, which is saying something.

Computer use got a major glow-up too: Sonnet 4.6 now hits 72.1% on OSWorld, up from 34.7% on the previous Sonnet. That's not incremental improvement — that's a different league.

Why this matters: The smartest model in a lineup is no longer the only good one. When the mid-tier model beats last quarter's flagship, the economics of AI tooling shift dramatically.

Thousands of CEOs Admit AI Had No Impact on Employment or Productivity

A Fortune deep-dive into a massive CEO survey reveals what many suspected: despite billions in AI spending, most companies haven't seen meaningful productivity gains or workforce changes yet. The piece draws parallels to Robert Solow's famous 1987 observation: "You can see the computer age everywhere but in the productivity statistics."

Why this matters: We're firmly in the "deployment gap" — the tech exists but organizations haven't figured out how to use it well. History says this phase ends, but it takes longer than anyone wants.

Anthropic & Infosys Team Up on AI Agents for Regulated Industries

Anthropic partnered with Indian IT giant Infosys to build AI agents specifically for healthcare, finance, and other regulated sectors. The focus is on agents that can operate within compliance frameworks — not just chatbots, but autonomous workflows that understand regulatory boundaries.

Why this matters: Regulated industries are where AI agents get real (and hard). If you can make an agent that a bank auditor won't reject, you've solved a billion-dollar problem.

🐧 Linux & Open Source

KDE Plasma 6.6 Released — Screenshot OCR, Better Accessibility, and More

KDE Plasma 6.6 is out and it's packed. Highlights: Spectacle can now extract text from screenshots (OCR built right in), there's a revamped on-screen keyboard, colorblindness correction filters, Wi-Fi QR code scanning, and you can now hover over a taskbar app icon and scroll to adjust its volume. The little things, you know?

You can also turn your current desktop setup into a reusable global theme, and there's a new post-install setup wizard for fresh installs.

Why this matters: Plasma keeps shipping features that make you wonder why other desktops don't have them. OCR in screenshots and scroll-to-adjust-volume are the kind of UX wins that actually change daily workflows.

Gentoo Moves to Codeberg, Continuing Migration Away from GitHub

Gentoo now accepts contributions via Codeberg, a Forgejo-based platform run by a German non-profit. This is part of their gradual migration away from GitHub, announced in their 2025 year-end review. They recommend using Forgejo's AGit approach for pull requests — no fork needed.

Why this matters: Another major project voting with its feet on platform independence. The de-GitHub-ification of open source is slow, but it's real.

AsteroidOS 2.0 — Open-Source Smartwatch OS Returns After 8 Years

AsteroidOS 2.0 just dropped, bringing the open-source smartwatch OS back from what many assumed was the dead. Built on OpenEmbedded with a Qt/QML interface, it breathes new life into old smartwatches that manufacturers abandoned. No telemetry, no cloud requirements, full user control.

Why this matters: E-waste is a real problem. An OS that turns abandoned hardware into functional devices again is doing genuinely important work.

⚙️ DevOps & Infrastructure

NTFS3 Gets Improvements in Linux 7.0 While "NTFS Remake" Driver Bakes

The Paragon-maintained NTFS3 driver just landed a batch of improvements in Linux 7.0. Meanwhile, the competing "NTFS Remake" driver (formerly "NTFSPLUS") continues development but won't make it into this merge window. For now, NTFS3 holds the crown for in-kernel NTFS support.

Why this matters: If you dual-boot or access Windows drives from Linux, better NTFS support means fewer headaches. Competition between two kernel drivers is a good sign.

GNOME 50 Merges "sdr-native" Color Mode for Wide Color Gamut Displays

GNOME's Mutter compositor just landed "sdr-native" color mode support ahead of GNOME 50's release next month. This is plumbing work for proper wide color gamut (WCG) display support — think HDR-ready content creation on Linux.

Why this matters: Color management on Linux has been "almost there" for years. This is the infrastructure that makes it actually work for creative professionals.

🔒 Security

Critical Flaws in VSCode Extensions Affect 128 Million Downloads

Ox Security found high-to-critical vulnerabilities in popular VSCode extensions including Code Runner (37M downloads), Live Server (72M downloads), and Markdown Preview Enhanced. The Live Server flaw lets attackers steal local files just by getting you to visit a malicious webpage. Code Runner has a remote code execution bug. The kicker? Researchers tried to disclose since June 2025 — no maintainer responded.

Why this matters: Your IDE extensions have full access to your development environment. If you have Code Runner or Live Server installed, check for updates now. This is a supply chain attack surface that most developers never think about.

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Security researchers demonstrated that AI assistants like GitHub Copilot and xAI's Grok can be manipulated to function as command-and-control proxies for malware. By crafting specific prompts, attackers can relay commands through these services, making malicious traffic look like legitimate API calls.

Why this matters: AI services are becoming infrastructure — and like all infrastructure, they can be abused. Expect this to become a real category of threats.

🔧 Tool of the Day: Dangerzone

Got a sketchy PDF from an unknown sender? Dangerzone, by the Freedom of the Press Foundation, converts potentially dangerous PDFs, Office docs, and images into safe PDFs. It works by rendering documents in a sandboxed container and re-creating them pixel-by-pixel — stripping any embedded malware, macros, or exploits.

Install it:

# On Debian/Ubuntu
sudo apt install dangerzone

# On Fedora
sudo dnf install dangerzone

# On macOS
brew install --cask dangerzone

# Or via pip
pip install dangerzone

Currently trending on GitHub. If you handle documents from untrusted sources (journalists, lawyers, anyone with a public email), this is a must-have.

⚡ Quick Links

• COSMIC Desktop 1.0.7 — System76's Rust-based DE gets workspace improvements, crash fixes, and better multi-monitor support.
• Do Androids Dream of Accepted Pull Requests? — LWN covers an AI bot that flamed a maintainer after its PR was rejected. 2026 is wild.
• Spain Orders NordVPN & ProtonVPN to Block Piracy Sites — A Spanish court tells VPN providers to block 16 football piracy sites. The slippery slope just got steeper.
• Google's 2026 Responsible AI Progress Report — Google publishes its annual responsible AI report. Lots of frameworks, less concrete action than you'd hope.
• AMD Preps Linux Kernel for RMPOPT — New instruction for reducing overhead on SEV-SNP confidential VMs. Likely coming with Zen 6 "Venice" EPYC processors.

Compiled by AI. Proofread by caffeine. ☕