Application Security Content on InfoQ
-
Patch Urgently - Critical Vulnerability CVE-2025-55182 in React Server Functions Actively Exploited
An unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC) was recently reported with the highest severity (10.0). Amazon threat intelligence teams report active exploitation attempts by multiple China state-nexus threat groups. The critical vulnerability affects React versions 19.0.0 through 19.2.0 and Next.js versions 15.x and 16.x when using App Router.
-
BellSoft Unveils Hardened Java Images
BellSoft has launched Hardened Images for Java containers, claiming 95% fewer CVEs and 30% resource savings. Built on Alpaquita Linux, the 3-in-1 solution combines runtime optimisation, OS hardening, and CVE remediation. It offers a secure, flexible alternative to Chainguard and Distroless, available now in three tiers.
-
GitHub Rolls out Post-Quantum SSH Security to Protect Code from Future Threats
GitHub has deployed a hybrid post-quantum key-exchange algorithm for SSH access, strengthening protection against future quantum decryption threats. The rollout, now live across most regions, pairs classical and quantum-resistant methods to counter “store now, decrypt later” attacks and marks a major step toward quantum-safe software development.
-
Layered Defences are Key to Combating AI-Driven Cyber Threats, CNCF Report Finds
The Cloud Native Computing Foundation has published an analysis of modern cybersecurity practices, finding that attacks using Artificial Intelligence are now a significant threat. The report highlights how critical it is for organisations to adopt multi-layered defence strategies as artificial intelligence transforms both the threat landscape and the protective measures available to businesses.
-
Google Cloud KMS Launches Post-Quantum KEM Support to Combat "Harvest Now, Decrypt Later" Threat
Google Cloud's Key Management Service now supports post-quantum Key Encapsulation Mechanisms (KEMs), addressing future threats from quantum computing. This update empowers organizations to prepare against "Harvest Now, Decrypt Later" attacks while ensuring long-term data confidentiality.
-
NPM Ecosystem Suffers Two AI-Enabled Credential Stealing Supply Chain Attacks
The Node Package Manager (npm) ecosystem has suffered from two major supply chain attacks in recent months, affecting hundreds of packages and exposing developers to credential theft and data exfiltration. The attack vector of these incidents shows an AI-enabled evolution of how open-source software dependencies can be compromised.
-
AWS Introduces EC2 Instance Attestation
AWS has introduced EC2 instance attestation, a new security feature that enables customers to verify that their virtual machines are running approved software configurations in a cryptographically secure manner. The capability is powered by the Nitro Trusted Platform Module (NitroTPM) and Attestable AMIs.
-
Pixnapping: Side-Channel Vulnerability Allows Android Apps to Capture Sensitive Screen Data
A newly discovered class of attacks targets Android devices, allowing malicious apps to steal on-screen information from other apps using a technique known as pixel stealing. Dubbed Pixnapping, the attack leverages previously known side-channel vulnerabilities and affects virtually all apps, including Signal, Google Authenticator, Venmo, and many others.
-
HashiCorp Warns Traditional Secret Scanning Tools are Falling behind
HashiCorp has issued a warning that traditional secret scanning tools are failing to keep up with the realities of modern software development. In a new blog post, the company argues that post-commit detection and brittle pattern matching leave dangerous gaps in coverage.
-
Cursor 1.7 Adds Hooks for Agent Lifecycle Control
Cursor has introduced a Hooks system in version 1.7 that allows developers to intercept and modify agent behavior at defined lifecycle events. Hooks can be used to block shell commands, run formatters after edits, or observe agent actions in real time.
-
Linux Security Tools Bypassed by io_uring Rootkit Technique, ARMO Research Reveals
Security researchers at ARMO have uncovered a significant vulnerability in Linux runtime security tools that stems from the io_uring interface, an asynchronous I/O mechanism that can completely bypass traditional system call monitoring. The research demonstrates how attackers can exploit this blind spot to operate undetected by most existing security solutions.
-
Agentic AI Expands into SecOps to Ease Human Workloads
Agentic AI is beginning to reshape malware detection and broader security operations. These systems are being used not to replace humans, but to take on the lower value jobs that have historically tied up analysts — from triaging alerts to reverse-engineering suspicious files.
-
Supply Chain Security: Provenance Tools Becoming Standard in Developer Platforms
Software provenance is gaining new importance as organizations look for ways to secure their supply chains against tampering and comply with emerging standards like SLSA.
-
“A Security Nightmare”: Docker Warns of Risks in MCP Toolchains
A new blog post from Docker warns that AI-powered developer tools built on the Model Context Protocol (MCP) are introducing critical security vulnerabilities — including real-world cases of credential leaks, unauthorized file access, and remote code execution.
-
Kubernetes Introduces Post-Quantum Support for TLS
A recent Kubernetes enhancement aims to pave the way to future-proofing cluster security against quantum computing threats. In a blog post, the Kubernetes community highlighted support for post-quantum cryptography (PQC) via a hybrid key exchange mechanism integrated with the Kubernetes Key Management Service (KMS) plugin system.