Trending
Content tagged with "security"
InfoQ
Latest articles from InfoQ
JEP 500: Java to Enforce Strict Final Field Immutability by Restricting Reflection
JEP 500 prepares the Java ecosystem for final field integrity in JDK 26, restricting deep reflection mutations. This crucial update aims to enhance safety and performance by closing a long-standing loophole, transitioning toward stricter encapsulation. Developers can now anticipate warnings when attempting these mutations, ensuring a reliable path for future optimizations. By A N M Bazlur Rahman
Article: Trustworthy Productivity: Securing AI Accelerated Development
Autonomous AI agents amplify productivity but can cause severe damage without safeguards. Defend the ReAct loop—context, reasoning, and tools—through provenance gates, planner-critic separation, scoped credentials, sandboxed code, and STRIDE/MAESTRO threat modeling. With robust logging, bounded autonomy, and red-teaming, agents can deliver trustworthy productivity while minimizing risk. By Sriram Madapusi Vasudevan
Magika 1.0: Smarter, Faster File Detection with Rust and AI
Google has just released version 1.0 of Magika, a substantial rewrite of its open-source file type detection system. The new version leverages AI to support a broader range of file types and is built in Rust for maximum speed and security. By Sergio De Simone
Five AI Security Myths Debunked at InfoQ Dev Summit Munich
Katharine Jarmul challenged five common AI security and privacy myths in her InfoQ Dev Summit Munich 2025 keynote: that guardrails will protect us, better model performance improves security, risk taxonomies solve problems, one-time red teaming suffices, and the next model version will fix current issues. She said that current approaches to AI safety rely too heavily on technical solutions. By Karsten Silz
Presentation: Securing AI Assistants: Strategies and Practices for Protecting Data
Andra Lezza explains the criticality of data security for AI copilots, detailing the OWASP AI Exchange threat model and the OWASP Top 10 LLM risks. She reviews two copilot architectures - independent (single domain) and integrated (multi-tenant) - listing specific threats, controls, and best practices like granular authorization, templates, and DevSecOps to secure the entire AI data supply chain. By Andra Lezza
Patch Urgently - Critical Vulnerability CVE-2025-55182 in React Server Functions Actively Exploited
An unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC) was recently reported with the highest severity (10.0). Amazon threat intelligence teams report active exploitation attempts by multiple China state-nexus threat groups. The critical vulnerability affects React versions 19.0.0 through 19.2.0 and Next.js versions 15.x and 16.x when using App Router. By Bruno Couriol
Top posts from tech subreddits
North Korean infiltrator caught working in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location
Home Depot in LA installs noise machines that ‘penetrate bones’ to deter day laborers
Creating apps like Signal or WhatsApp could be 'hostile activity,' claims UK watchdog
Meta knowingly took in billions from scam ads on Facebook and Instagram, says Reuters
GitHub Trending
Popular repositories from GitHub
crowdsec
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.