InfoQ Homepage News
-
Microsoft Patches Critical ASP.NET Core Vulnerability with 9.9 Severity Score
Microsoft recently released a security advisory and patched a critical vulnerability in ASP.NET Core that allows an attacker to bypass a security feature over a network due to an inconsistent interpretation of HTTP requests. With a CVSS score of 9.9 out of 10, CVE-2025-55315 is the highest-rated Microsoft vulnerability.
-
Google Cloud Introduces Chaos Engineering Framework and Recipes for Distributed Systems
Google Cloud's Expert Services Team has released a detailed guide on chaos engineering for cloud-based distributed systems. It highlights that the intentional creation of failures is essential for developing resilient architectures. The initiative provides open-source recipes and helpful guidance for applying controlled disruption testing in Google Cloud environments.
-
New Claude Haiku 4.5 Model Promises Faster Performance at One-Third the Cost
Anthropic released Claude Haiku 4.5, making the model available to all users as its latest entry in the small, fast model category. The company positions the new model as delivering performance levels comparable to Claude Sonnet 4, which launched five months ago as a state-of-the-art model, but at "one-third the cost and more than twice the speed."
-
Anthropic Finds LLMs Can Be Poisoned Using Small Number of Documents
Anthropic's Alignment Science team released a study on poisoning attacks on LLM training. The experiments covered a range of model sizes and datasets, and found that only 250 malicious examples in pre-training data were needed to create a "backdoor" vulnerability. Anthropic concludes that these attacks actually become easier as models scale up.
-
Cloudflare Proposes Merkle Tree Certificates to Solve Post-Quantum TLS Performance Issue
Cloudflare's innovative Merkle Tree Certificates (MTCs) revolutionize WebPKI, enabling a seamless transition to Post-Quantum (PQ) cryptography without performance penalties. By minimizing TLS handshake overhead and integrating Certificate Transparency, MTCs promise enhanced security while addressing latency concerns, paving the way for future-ready internet security.
-
Java News Roundup: New Jakarta AI Specification, GlassFish, Spring RCs, Infinispan 16, Open Liberty
This week's Java roundup for November 3rd, 2025, features news highlighting: a new Jakarta AI specification; the fourteenth milestone release of GlassFish 8.0; second release candidates of Spring Boot 4.0, Spring for GraphQL 2.0 and Spring Batch 6.0; the release of Infinispan 16.0; and the November 2025 edition of Open Liberty.
-
CodeClash Benchmarks LLMs through Multi-Round Coding Competitions
Researchers from Standford, Princeton, and Cornell have developed a new benchmark to better evaluate coding abilities of large language models (LLMs). Called CodeClash, the new benchmark pits LLMs against each other in multi-round tournaments to assess their capacity to achieve competitive, high-level objectives beyond narrowly defined, task-specific problems.
-
Dev Proxy v1.3.0: HAR File Generation, LLM Usage Tracking, and Enhanced API Testing Feature
Dev Proxy v1.3.0 has been released, introducing several new features aimed at improving debugging, testing, and API monitoring. The update includes two new plugins, HAR file generation for standardized network tracing and OpenAI usage tracking for better visibility into AI-related costs, along with enhancements to permissions analysis, OpenAPI specification generation, and overall stability.
-
OpenJDK News Roundup: Vector API, Ahead-of-Time Object Caching, Prepare to Make Final Mean Final
There was a flurry of activity in the OpenJDK ecosystem during the week of November 3, 2025, highlighting three JEPs elevated from Proposed to Target to Targeted and three JEPs elevated from Candidate to Proposed to Target for JDK 26. The proposed release schedule has also been finalized.
-
Embedding Atlas: Apple’s Open-Source Tool for Exploring Large-Scale Embeddings Locally
Apple has introduced Embedding Atlas, a new open-source tool for visualizing and exploring large-scale embeddings interactively. Designed for researchers, data scientists, and developers, the platform provides a fast and intuitive way to analyze complex, high-dimensional data—from text embeddings to multimodal representations—without requiring any backend infrastructure or external data upload.
-
GitHub Expands Copilot Ecosystem with AgentHQ
GitHub has announced AgentHQ, a new addition to its platform that aims to unify the fragmented landscape of AI tools within the software development process.
-
Redis Critical Remote Code Execution Vulnerability Discovered after 13 Years
Redis recently released a security advisory regarding CVE-2025-49844. This critical (CVSS 10.0) use-after-free (UAF) vulnerability in Lua scripting could allow authenticated attackers to execute remote code on older versions of Redis and Valkey with Lua scripting enabled. Developers are urged to upgrade to patched releases as soon as possible.
-
AWS Launches Capabilities by Region Tool
AWS has launched "AWS Capabilities by Region," a powerful tool that streamlines service visibility for architects and developers. No more manual checks—now you can compare AWS services across regions interactively and plan deployments efficiently. With enhanced transparency and automated capability checks, streamline global projects and minimize delays.
-
Microsoft Moves Azure DevOps MCP Server from Preview to General Availability
Microsoft announced in October 2025 that its Azure DevOps MCP Server, a local Model Context Provider designed to bring richer context to AI assistants like GitHub Copilot, has exited public preview and become generally available.
-
TanStack Start: A New Meta Framework Powered by React or SolidJS
Introducing TanStack Start v1—a revolutionary full-stack framework for React and Solid applications. Built on TanStack Router and Vite, it offers type-safe APIs, streaming SSR, and universal deployment. Optimized for performance and flexibility, TanStack Start presents a compelling alternative to Next.js, catering to modern development needs with seamless integration and incremental adoption.