Microsoft warns for AI recommendation poisoning

The Microsoft Defender Security research team published  an article warning for AI recommendation poisoning. 

When using an AI on a website you do not control, you do not know which prompt it actually uses.

Microsoft has  spotted "summarize with AI" buttons that add hidden instructions to give subtly misleading, biased and dangerous results.

The problem extends to any website providing AI  assistance on a variety of topics like health and security. These can be manipulated with AI Memory poisoning, where the system has been pre-populated with biased data, like websites that should be trusted as authoritative sources.

Remember the warnings from Harry Potter and the chamber of secrets: Never trust anything that can think for itself if you can't see where it keeps its brain.

 

 

IntelliJ 2025.3 performance issue

The new IntelliJ 2025.3 pauses frequently.

This is largely due to the new  slick Island theme.

I'm expecting a quick fix, but until then better switch back to one of the older themes (e.g. Light).

more info... 

There is also an annoying migration popup for the move from SQL conzole to SQL files. If you have configured a global datasource, it popz up in EVERY project your open. Issue..

 

 

Trusted browser extensions turn malicious

A set of chrome/edge browser extensions that have been popular for years, turned into malware after an update last year (2024). The extensions, among which Clean Master is the most popular, were publised by Star Laboratary Technology Co. , a Chinese company.

The extensions run malicious JavaScript with full browser access and collecting data on all operations and send them to China. 

More info... 

Spring boot 4 / framework 7 released (updated)

Spring boot 4 was released this week, on the heels of the Spring Framework 7 release. Here are some highlights:

• Upgrades in underlying technology:

• Java 25 (with a Java 17 baseline)
• Gradle 9
• Jackson 3 
• plenty of major releases for Spring modules (Data, AMQP, Batch, BraphQL, HATEOAS, Rest Docs, Security...)

• Completion of the effort to add JSpecify null safety throughout the codebase 
• OpenFeign like support for declarative HTTP Service clients based on annotated interfaces for RestClient, RestTemplate and WebClient.
• Autowired RestTestClient (operating on the underlying MockMvc instance) 
• REST API Versioning
• new JMS Client API 
• Kotlin Serialisation (<-> JSON) 

Chat control approved in EU

 It is a sad day for liberty and privacy in the EU.

Online platforms must monitor activity related to child abuse and take measures to limit the risks. take measures to limit for child abuse. 

Failing to do so, they can be fined. Platforms which are said to have a high risk of containing such material can be forced to implement measures by a national governing authority.

This implies that they will be required to scan all communication. Child abuse is being abused as an argument to scan all communication.

In Belgium we have a long standing right for private communication in postal letters (briefgeheim). We are now losing a part of our freedom. 

 

LLM's get fooled by poets

Italian boffins discovered that trying to sidestep the guards that limit what an AI system will do for you (hacking...) works an order of magnitude better if you phrase your request as a poem.

The approach works accorss all popular models, though some are more vulnerable then others.

This suggest that prompting systems using non standard language will give you a better success rate when trying to abuse AI systems.

more... 

Java SE version history (updated)

Version	Name	Release	Major new features
25 (LTS)		9/2025	simplifications: top level methods, instance main, IO package module imports
16		3/2021	record
15		9/2020	Text blocks
14		3/2020	Switch expressions
11 (LTS)		9/2018	Run (single file) source code
9		2016	JSR 294: modular JDK (Jigsaw) Searchable javadoc
8 (LTS)	Spider	3/2014	JSR 335: lambda expressions Collections Stream Framework JSR 310: Date and Time API Compact profiles JSR 308: annotations outside declarations (on usage)
7	Dolphin	7/2011	language (project coin): switch on strings, multi catch, try with autoclosing resources, empty generics (diamond operator), binary literal, underscores in numbers NIO.2 file handling Fork/Join concurrency JAX-WS 2.2 (SOAP 1.2, WS-I 2.0, metro 2.0)
6	Mustang	12/2006	JSR 223: scripting language support JSR 224: JAX-WS2.0 (metro 1.x) JSR 221: JDBC 4 (driver autoloading)) Perfomance enhancements in synchronisation and garbage collection
5	Tiger	9/2004	language (JSR 201): Enumerations, autoboxing, enhanced for loop, static import, vararg JSR 175: Annotations JSR 14: Generics java.util.concurrent java.util.Scanner RMI automatic stub generation
1.4	Merlin	2/2002	language: assert regular expressions JSR 51: NIO JSR 47: java.util.logging JSR 54: JDBC 3 (metadata API, autogenerated keys, transaction savepoints, multiple || resultsets/statement) security and cryptography
1.3	Kestrel	5/2000	HotSpot JVM RMI/CORBA support JNDI
1.2	Playground	12/1998	Collections Swing JIT compiler Browser plugin JDBC 2.1 (datasources, distributed transactions, connection pooling,RowSet, ResultSet backscrolling and updating )
1.1		2/1997	AWT events reorganisation inner classes JavaBeans JDBC RMI reflection
1.0		1/1996

Here's an overview of Java EE versions