June was sweltering, but the summer heat didn’t slow down open-source software developers. Last month delivered a wave of app ...
Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. In this eMag, we try to establish agentic AI ...
A newly discovered malware campaign targeting the open source software ecosystem underscores how rapidly supply chain threats are evolving. The campaign, which JFrog has dubbed "IronWorm," targets ...
Security researcher Markus Vervier warns that Starlette, an open-source framework used by millions of AI agents and tools worldwide, has a critical vulnerability. Millions of AI agents imperiled by ...
Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
Discover the top 12 tools in 2026, from Cursor to Copilot, to speed up daily dev workflows and build apps faster!
The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are becoming a new software supply chain attack vector. A malicious Hugging ...
If you work with AI APIs and local LLMs, there's a good chance you've at least heard of LiteLLM. It's one of the most popular Python libraries for interacting with large language models, offering a ...
On March 19, 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have been compromised in a sophisticated CI/CD-focused supply chain attack. Threat actors ...
Hackers published a malicious scanner release and replaced tags to point to information-stealer malware. A threat actor compromised Aqua Security’s Trivy open source vulnerability scanner in a supply ...