InfoQ Homepage News
-
AWS ALBs Now Support Native URL and Host Header Rewriting
AWS's Application Load Balancers (ALB) now offer native URL and Host Header Rewriting, eliminating the need for third-party proxies and custom logic. This feature enhances request routing, reduces maintenance, and lowers latency. Easily configurable via the AWS Management Console or API, it streamlines traffic management for backend services, aligning AWS with other cloud leaders.
-
NPM Ecosystem Suffers Two AI-Enabled Credential Stealing Supply Chain Attacks
The Node Package Manager (npm) ecosystem has suffered from two major supply chain attacks in recent months, affecting hundreds of packages and exposing developers to credential theft and data exfiltration. The attack vector of these incidents shows an AI-enabled evolution of how open-source software dependencies can be compromised.
-
Mirantis' Kubernetes Management Platform k0rdent Reaches v1.2.0
Mirantis has announced the release of version 1.2.0 of its open-source distributed container management platform k0rdent. They pitch k0rdent as a "super control plane" for helping platform engineers who manage Kubernetes infrastructure across multiple environments.
-
Bring Your Own Key (BYOK): AWS IAM Identity Center Adopts CMKs to Meet Enterprise Compliance Needs
AWS IAM Identity Center now supports customer-managed KMS keys (CMKs) for encrypting identity data at rest. This enhancement offers organizations complete control over their encryption keys, ensuring granular access management, robust auditing via AWS CloudTrail, and improved compliance for regulated industries. It’s a key evolution for data sovereignty in the cloud.
-
AWS Introduces EC2 Instance Attestation
AWS has introduced EC2 instance attestation, a new security feature that enables customers to verify that their virtual machines are running approved software configurations in a cryptographically secure manner. The capability is powered by the Nitro Trusted Platform Module (NitroTPM) and Attestable AMIs.
-
Flipkart Scales Prometheus to 80 Million Metrics Using Hierarchical Federation
Flipkart engineers recently published a detailed case study describing how they overcame severe scalability limits in monitoring by adopting a hierarchical federation design in Prometheus.
-
Terraform Google Cloud Provider 7.0 Reaches General Availability
HashiCorp has released version 7.0 of the Terraform provider for Google Cloud, introducing security-focused improvements such as ephemeral resources, write-only attributes, and stricter validation. The update enhances secret handling and reliability but introduces breaking changes requiring careful migration.
-
Researchers Introduce ACE, a Framework for Self-Improving LLM Contexts
Researchers from Stanford University, SambaNova Systems, and UC Berkeley have proposed Agentic Context Engineering (ACE), a new framework designed to improve large language models (LLMs) through evolving, structured contexts rather than weight updates. The method, described in a paper, seeks to make language models self-improving without retraining.
-
Google’s Open Source Gemini CLI Extensions Let Developers Build Custom AI-Powered Workflows
Google's Gemini CLI Extensions launch an open-source framework empowering developers to create and share integrations effortlessly. With modular architecture and playbooks for seamless tool interaction, Gemini CLI becomes a central hub for AI-assisted workflows. The platform fosters collaboration with prominent partners, enabling a robust ecosystem for personalized developer tools.
-
Talos Linux: Bringing Immutability and Security to Kubernetes Operations
Sidero Labs has been developing Talos Linux, an immutable operating system purpose-built exclusively for running Kubernetes, alongside Omni, a cluster lifecycle management platform. InfoQ met the Sidero team in Amsterdam during the TalosCon 2025 and had conversations about their approach to simplifying Kubernetes operations through minimalism and security-first design.
-
Slack Security: inside the New Anomaly Event Response Architecture
Slack has launched Anomaly Event Response (AER), a real-time security system that autonomously detects suspicious activity, terminates risky sessions, and reduces response time from days to minutes. The system’s architecture includes a detection engine, decision framework, and response orchestrator to help organizations prevent breaches efficiently.
-
Pixnapping: Side-Channel Vulnerability Allows Android Apps to Capture Sensitive Screen Data
A newly discovered class of attacks targets Android devices, allowing malicious apps to steal on-screen information from other apps using a technique known as pixel stealing. Dubbed Pixnapping, the attack leverages previously known side-channel vulnerabilities and affects virtually all apps, including Signal, Google Authenticator, Venmo, and many others.
-
.NET 10 Release Candidate 2: Finalizes SDK, MAUI Stabilization, and MSBuild Enhancements ahead of GA
Microsoft has released .NET 10 Release Candidate 2, the final pre-release build before general availability. As reported by the .NET team, RC 2 ships with a go-live support license, enabling production deployment while allowing developers to validate the platform ahead of its official release. The build is supported in Visual Studio 2026 Insiders and Visual Studio Code with the C# Dev Kit.
-
DevGreenOps: How to Design Sustainable Digital Services
DevGreenOps, also known as DevSusOps, is an extension of the DevOps approach, in which environmental sustainability considerations are integrated into every step of the DevOps cycle, Jochen Joswig said in his talk at OOP Conference. Applying transparency, minimalism, efficiency, and awareness helps us to design sustainable digital services.
-
AWS Launches Amazon Quick Suite, an Agentic AI Workspace
AWS has launched Amazon Quick Suite, a new AI-powered workspace designed to connect company data, automate workflows, and perform actions across business applications.