Trending

Content tagged with "security"

InfoQ

Latest articles from InfoQ • Updated 17 minutes ago

JEP 500: Java to Enforce Strict Final Field Immutability by Restricting Reflection

JEP 500 prepares the Java ecosystem for final field integrity in JDK 26, restricting deep reflection mutations. This crucial update aims to enhance safety and performance by closing a long-standing loophole, transitioning toward stricter encapsulation. Developers can now anticipate warnings when attempting these mutations, ensuring a reliable path for future optimizations. By A N M Bazlur Rahman

Article: Trustworthy Productivity: Securing AI Accelerated Development

Autonomous AI agents amplify productivity but can cause severe damage without safeguards. Defend the ReAct loop—context, reasoning, and tools—through provenance gates, planner-critic separation, scoped credentials, sandboxed code, and STRIDE/MAESTRO threat modeling. With robust logging, bounded autonomy, and red-teaming, agents can deliver trustworthy productivity while minimizing risk. By Sriram Madapusi Vasudevan

Magika 1.0: Smarter, Faster File Detection with Rust and AI

Google has just released version 1.0 of Magika, a substantial rewrite of its open-source file type detection system. The new version leverages AI to support a broader range of file types and is built in Rust for maximum speed and security. By Sergio De Simone

Five AI Security Myths Debunked at InfoQ Dev Summit Munich

Katharine Jarmul challenged five common AI security and privacy myths in her InfoQ Dev Summit Munich 2025 keynote: that guardrails will protect us, better model performance improves security, risk taxonomies solve problems, one-time red teaming suffices, and the next model version will fix current issues. She said that current approaches to AI safety rely too heavily on technical solutions. By Karsten Silz

Presentation: Securing AI Assistants: Strategies and Practices for Protecting Data

Andra Lezza explains the criticality of data security for AI copilots, detailing the OWASP AI Exchange threat model and the OWASP Top 10 LLM risks. She reviews two copilot architectures - independent (single domain) and integrated (multi-tenant) - listing specific threats, controls, and best practices like granular authorization, templates, and DevSecOps to secure the entire AI data supply chain. By Andra Lezza

Patch Urgently - Critical Vulnerability CVE-2025-55182 in React Server Functions Actively Exploited

An unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC) was recently reported with the highest severity (10.0). Amazon threat intelligence teams report active exploitation attempts by multiple China state-nexus threat groups. The critical vulnerability affects React versions 19.0.0 through 19.2.0 and Next.js versions 15.x and 16.x when using App Router. By Bruno Couriol

GitHub Trending

Popular repositories from GitHub • Updated 31 minutes ago

authentik

The authentication glue you need.

croc

Easily and securely send things from one computer to another 🐊 📦

osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

sealed-secrets

A Kubernetes controller and tool for one-way encrypted Secrets

dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!

Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | SLSA Level 3 Compliant for Secure Development and Build Process | Apps Available on MS Store✨

syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

coder

Secure environments for developers and their agents