A Java library just tried to trick AI coding agents into deleting your tests, and it almost worked

The latest flare-up in the debate over AI-assisted coding did not come from a new model release or a benchmark result. It came from a single ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Microsoft

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by ...
InfoQ

Google Expands SynthID Adoption for AI Watermarking, Previews Content Detection API

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
InfoWorld

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...