InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code (2:26)
Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, developers using this library in their applications are urged to update the software to the latest version, which is currently 3.11.2. The warnings come in advisories from vm2 maintainer Patrik Sime…

The best new features in Python 3.15 (22:54)
The first full beta of Python 3.15 has arrived, and it’s one of the most feature-packed Python releases in many a moon. Here’s a rundown of the biggest, boldest, and most important innovations, changes, and fixes. Lazy imports: A long-asked-for feature, lazy imports allow imports to be processed only when they’re actually used by the program. Thus for slow-importing modules that impose a large cos…

Teradata launches platform for enterprise AI agents moving beyond pilots (16:42)
Teradata has launched its Autonomous Knowledge Platform, a new flagship offering that brings together data, analytics, AI development, agent orchestration, and governance across cloud, on-premises, and hybrid environments. The target customer is an enterprise that has moved beyond testing AI assistants and is now asking harder questions: which data agents can use, what actions they can take, how …

Three skills that matter when AI handles the coding (11:21)
Writing code has always been the most time- and resource-intensive task in software development. AI is changing that, and faster than most engineering organizations are prepared for. Tools like Claude Code and Cursor are already handling significant parts of code construction, freeing developers to spend more time on requirements, architecture, and design. But that shift creates a new challenge …

The hidden cost of front-end complexity (11:21)
Front-end development has never been more capable. Modern frameworks offer fast rendering pipelines, component composition, powerful tooling, and a growing ecosystem of libraries that promise to make building sophisticated applications easier than ever. Yet many teams experience exactly the opposite — increasing difficulty. Applications grow harder to reason about. Features interact in unexpected…

MongoDB targets AI’s retrieval problem (10:27)
For all their technical capabilities, large language models (LLMs) still have a memory problem. They can lack the ability to retain context across conversations, and don’t always contain the frameworks to let them access relevant data, ultimately making their results unreliable and untrustworthy. NoSQL database pioneer MongoDB is taking on this problem, releasing new persistent memory, retrieval,…

Cloud providers are blinded by agentic AI (6:02)
I’ve been watching the cloud market long enough to know when a useful innovation becomes a strategic distraction. That’s what is happening now with agentic AI. The concept itself is not the issue. There is real value in autonomous and semi-autonomous systems that can coordinate tasks, assist developers, optimize workflows, and eventually reduce the amount of manual effort required to run complex…

Building AI apps and agents with Microsoft Foundry (May 6)
At first glance, Microsoft Foundry looks like a big grab bag of every AI-adjacent service that Microsoft has offered in the last decade, plus some new ones. In Microsoft’s own words, “Foundry consolidates several previous Azure AI services and tools into a unified platform” and “unifies agents, models, and tools under a single management grouping.” Microsoft Foundry helps application developers t…

Designing front-end systems for cloud failure (May 6)
Modern frontend applications rely on cloud services for far more than basic data fetching. Authentication, search, file uploads, feature flags, notifications and analytics often depend on APIs and managed services running behind the scenes. Because of that, frontend reliability is closely tied to cloud reliability, even when the frontend team does not directly own the infrastructure. This is ofte…

No, AI won’t destroy software development jobs (May 6)
I’m not even remotely worried about AI eliminating software development jobs. In fact, I’m pretty sure there will soon be a boom in both software development jobs and the amount of software available to everyone. People have always worried about automation causing massive unemployment. Each time a breakthrough happens, folks are sure that “it will be different this time.” Only it never is differe…

Supply-chain attacks take aim at your AI coding agents (May 6)
Attackers too are looking to cash in on the AI coding craze, adapting their supply-chain techniques to target coding agents themselves. Many AI agents autonomously scan package registries such as NPM and PyPI for components to integrate into their coding projects, and attackers are beginning to take advantage of this. Bait packages with persuasive descriptions and legitimate functionality have cr…

Oracle will patch more often to counter AI cybersecurity threat (May 5)
Oracle plans to issue security patches for its ERP, database, and other software on a monthly cycle, rather than quarterly, to respond to the increased pace of AI-enabled software vulnerability discovery. Other software vendors, notably Microsoft, SAP, and Adobe, already release patches on a monthly beat, always on the second Tuesday of each month. Oracle, though, is taking an off-beat approach:…

Vibe coding or spec-driven development? How to choose (May 5)
Vibe coding and spec-driven development (SDD) are two emerging approaches where devops teams use AI to develop all of an application’s code. There are discussions about which approach to use for different use cases, and there are many platforms to consider with varying capabilities and experiences. Some experts question whether AI delivers reliable, maintainable applications, while others suggest…

AI finds 20-year-old bugs in PostgreSQL and MariaDB (May 5)
Open-source databases are facing a bit of a memory problem as AI helps surface decades-old buffer overflow issues in widely used components. Security researchers have disclosed a set of high and critical-severity vulnerabilities affecting PostgreSQL and MariaDB, with two bugs reportedly tracing their roots back more than 20 years. At Wiz’s zeroday.cloud hacking event, researchers using the AI-pow…

Diskless databases: What happens when storage isn’t the bottleneck (May 5)
In 2021, I was developing software for an aerospace manufacturer and met with our machine learning team to discuss innovative approaches for tracking FOD (free-orbiting debris), a major security and operational concern in the industry. What struck me wasn’t the algorithms or tracking equipment, but the terabytes of data (up to petabytes) that were being produced. Old-school problems of limited ha…