InfoWorld

[19:42] Mistral AI SDK, TanStack Router hit in npm software supply chain attack
The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a routing library hugely popular among React web application developers. Multiple other packages were also affected, incl…

[19:42] GitLab CEO sees developer tool bill increasing 100-fold
GitLab CEO Bill Staples says enterprises’ monthly bill for developer platform services has risen from tens of dollars per seat to hundreds over the last year, and is headed toward the thousands, signaling a structural change in how they will be billed for AI-enabled software development tools. The increase in cost reflects the volume of work AI agents generate inside development pipelines, Stapl…

[18:48] Tokenmaxxing is super dumb
It seems that the software developers at Facebook, who are all in on AI-powered coding, came up with a notion they called “Claudeonomics” to measure their all in-ness. This manifested itself as an internal dashboard/scoreboard of who was burning the most tokens with Claude Code. The race was on to see who could burn through the most tokens. Never mind whether this conflagration of Claude tokens …

[14:21] Red Hat adds support for agentic AI development
As use of agentic AI accelerates, Red Hat is hoping to position itself as the critical behind-the-scenes plumbing and connective fabric. To this end, the company has unveiled new desktop and developer suite functions, skills bundles, and a rolling Linux release to help enterprises move beyond the experimental phase.
Announced at Red Hat Summit today, the new features and services are included in …

[11:30] What’s new and exciting in JDK 26
With the release of JDK 26, which arrived March 17, we’ve now seen 17 versions of Java delivered under the time-based six-month release cadence. Nobody can call this anything other than a huge success for Java. In the last eight years, we’ve seen the Java platform move forward faster than at any time in its history. In addition, the faster release cadence has made preview features and incubator…

[11:30] Kill the loading spinner with local-first data and reactive SQL
It’s not every day that a radically new architecture comes along, but here we are: in-browser SQLite, combined with reactive SQL and auto-syncing. The promise is instant interactivity on the front end, while maintaining data symmetry with the back end. As a direct challenger to the RESTful group-think that has dominated web development for a decade, it is well worth a look. Not really new, but i…

[11:30] A networking revolution at AWS
Amazon Web Services (AWS) is reshaping its underlying network foundation, a move that could redefine how enterprises approach cloud technology, costs, and operational efficiency. As enterprises contemplate next-generation workloads, from generative AI to globally distributed applications, AWS’s end-to-end custom networking stack is a new calculus for cloud economics, agility, and security. Let’s…

[May 11] Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
A malicious Hugging Face repository posing as an OpenAI release delivered infostealer malware to Windows systems and logged 244,000 downloads before being removed, raising fresh concerns about how enterprises source and validate AI models from public repositories.
The repository, named Open-OSS/privacy-filter, impersonated OpenAI’s legitimate Privacy Filter release, copied its model card almost w…

[May 11] How to add AI to an existing product (without annoying users)
While generative AI has shown promising results in advancing software engineering, its inclusion within end-user applications is a different story. Features labeled as AI continue to pop up across every UI, but they’re not always helpful or useful. Often driven by hype, they can become a distraction, or worse, a productivity killer. “Many fall into the trap of tacking on AI capabilities to cash …

[May 11] Your AI doesn’t need another database
Every hot, new workload gets its own database. Briefly. You know the drill. From search to JSON (documents) to graph, as an industry we have this weird fixation with building new databases. DB-Engines now tracks 434 of them. We’re now doing it again with vector databases, which were hailed almost overnight as the essential new persistence layer for AI. The story was simple and, for a time, conv…

[May 9] What happens when engineering teams reorganize around AI agents
I counted at least 10 events in San Francisco last night aimed at matching AI startups with VCs. Just another Thursday. But what made Camp AI’s “Agents at Work” event (hosted by Auth0) stand out was its showcase of companies that are in various stages of reorganizing their engineering processes around AI agents. Browserbase, Mastra, Fireworks AI, Drata, Mya, MindFort, and Corridor are all …

[May 8] Python isn’t always easy
It’s harder than it might seem to create a stand-alone Python app. It’s also harder than you might think to reliably back up SQLite databases, but Python has the tools for it. And while it’s not easy to install Python on an air-gapped machine, it absolutely can be done.
Top picks for Python readers on InfoWorld
Why it’s so hard to create stand-alone Python apps
Python’s dynamism is one of its mos…

[May 8] When cloud giants meddle in markets
Hyperscale cloud providers are doing what any aggressive buyer with deep pockets would do: purchasing enormous volumes of DRAM and high-bandwidth memory to feed AI factories, new cloud regions, and expanding platform services. By securing supply ahead of competitors, they lock in favorable terms and ensure their growth is not constrained by component scarcity. From their perspective, this is sma…

[May 8] 12 model-level deep cuts to slash AI training costs
Optimizing artificial intelligence pipelines requires moving beyond surface-level hardware adjustments to fundamentally alter how models process data. While engineers often implement basic toggle-away efficiencies inside the training loop, achieving permanent cost reductions requires architectural changes directly inside the neural network. As I have previously argued, the science is solved, but…

[May 8] 13 new critical holes in JavaScript sandbox allow execution of arbitrary code
Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, developers using this library in their applications are urged to update the software to the latest version, which is currently 3.11.2. The warnings come in advisories from vm2 maintainer Patrik Sime…