Security Vulnerabilities Content on InfoQ
-
PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information
Discovered by FutureSearch researcher Callum McMahon, a supply chain attack against LiteLLM on PyPI resulted in over 40 thousand downloads of a compromised version that installed a malicious payload capable of harvesting and exfiltrating sensitive information. LiteLLM is downloaded roughly 3 million times per day.
-
Cloudflare Adds Active API Vulnerability Scanning to Its Edge
Cloudflare has announced the open beta of its Web and API Vulnerability Scanner. This Dynamic Application Security Testing (DAST) tool is part of the API Shield platform.
-
AI Model Discovers 22 Firefox Vulnerabilities in Two Weeks
Claude Opus 4.6 discovered 22 Firefox vulnerabilities in two weeks, including 14 high-severity bugs, a count equivalent to nearly 20% of all critical Firefox vulnerabilities fixed in 2025. The AI also wrote working exploits for two bugs, demonstrating emerging capabilities that give defenders a temporary advantage but signal an accelerating arms race in cybersecurity.
-
GitLab Suggests AI Can Detect Vulnerabilities But it's AI Governance That Determines Risk
Artificial intelligence is rapidly transforming how software vulnerabilities are detected, but questions about who governs the risks AI exposes, and how those risks are acted on, are becoming increasingly urgent, according to a new blog post by GitLab.
-
BellSoft Survey Finds Container Security Practices Are Undermining Developers’ Own Goals
Container security incidents are becoming a routine reality for software teams, and the tools meant to protect them may be making the problem worse.
-
Chainguard Finds 98% of Container CVEs Lurking outside the Top 20 Images
The latest State of Trusted Open Source report from Chainguard gives details on current industry thinking about vulnerabilities in container images and the long tail of open-source dependencies. The report offers a data-driven view of production environments based on more than 1,800 container image projects and 10,100 vulnerability instances observed between September and November 2025.
-
Two Missing Characters: How a Regex Flaw Exposed AWS GitHub Repos to Supply-Chain Risk
AWS recently published a security bulletin acknowledging a configuration issue affecting some popular AWS-managed open-source GitHub repositories. Dubbed CodeBreach, the critical vulnerability could have allowed the introduction of malicious code and the hijacking of repositories that use AWS CodeBuild.
-
AI Agents Fail Manipulation Tests in Microsoft's Magentic Marketplace Simulation
Researchers at Microsoft, working in collaboration with Arizona State University, have introduced Magentic Marketplace, an open-source simulation environment designed to study how LLM-based agents behave in multi-agent economic systems. The platform addresses a growing need in AI research as autonomous agents gain capabilities in software development.
-
Supply Chain Security: Provenance Tools Becoming Standard in Developer Platforms
Software provenance is gaining new importance as organizations look for ways to secure their supply chains against tampering and comply with emerging standards like SLSA.
-
Docker Launches Hardened Base Images
Docker has launched its Docker Hardened Images (DHI), a security-focused range of base images that reduce vulnerabilities by up to 95%. Built using a distroless approach, these minimal images eliminate unnecessary components, offering automatic patching and compatibility with existing Dockerfiles. Ideal for regulated environments, DHI enhances software supply chain security and transparency.
-
Goodbye CVE? European Vulnerability Database EUVD Now Live
The European Union Agency for Cybersecurity (ENISA) has recently launched the beta of the European Vulnerability Database (EUVD), a new public platform operating alongside, but independently from, the widely used Common Vulnerabilities and Exposures (CVE) system. The new platform aims to improve coordination and transparency in vulnerability handling within the EU.
-
Google Gemini's Long-term Memory Vulnerable to a Kind of Phishing Attack
AI security hacker Johann Rehberger described a prompt injection attack against Google Gemini that can modify its long-term memories using a technique he calls delayed tool invocation. The researcher described the attack as a sort of social engineering/phishing attack, triggered when the user interacts with a malicious document.
-
AWS Cloud Development Kit Vulnerability Enables Full AWS Account Takeover
A new vulnerability discovered in AWS Cloud Development Kit (CDK) by security firm Aqua could lead to an attacker fully taking over a target AWS account due to manual deletion of artifact S3 buckets. While AWS fixed the vulnerability, you are still required to take action if you have used CDK version v2.148.1 or earlier.
-
Cloudflare Advocates for Broader Adoption of security.txt Standard for Vulnerability Reporting
To address the issue of unreported security vulnerabilities, Cloudflare recently launched a dashboard to help create and manage a security.txt file for website vulnerability disclosures. The generated file adheres to the RFC9116 standard, offering security research teams a standardized method for reporting vulnerabilities.
-
Security Experts Exploit Airport Security Loophole with SQL Injection
In the article "Bypassing airport security via SQL injection," two security researchers recently demonstrated how they executed a simple SQL injection attack on a service that enables pilots and flight attendants to bypass airport security screening.