Tag: programming
-
Fake Tools and CDNs Power New “Vibe-Coded” Malware Campaign
‘Vibe coding’ has moved from buzzword to battleground, and a new malware campaign shows how attackers are abusing AI-assisted development to scale their operations with minimal effort. Vibe coding, a term popularized in early 2025 to describe programming by prompting large language models instead of writing code manually, has rapidly spread across developer communities and…
-
OpenAI Introduces GPT-5.4 Mini and Nano for Faster, Lightweight AI Performance
OpenAI has officially launched GPT-5.4 mini and GPT-5.4 nano, introducing high-efficiency models optimized for automated workflows, coding subagents, and latency-sensitive deployments. These models are designed to reduce application programming interface (API) overhead while maintaining complex reasoning capabilities, making them highly relevant for professionals scaling automated data extraction or telemetry analysis pipelines. Architecture and Capability Enhancements…
-
Announcing native MCP Server in SonarQube Cloud
The rise of AI-assisted software development has introduced a new bottleneck: code verification. While AI can generate code at unprecedented speeds, manually verifying that code for quality and security often breaks a software developer’s flow. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/announcing-native-mcp-server-in-sonarqube-cloud/
-
North Korean fake IT worker tradecraft exposed
Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations.”Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
-
North Korean fake IT worker tradecraft exposed
Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations.”Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
-
What Makes India a Preferred Destination for Software Development, Innovation, and AI in 2026?
India software development outsourcing in 2026 is no longer about labor arbitrage. It is about capability density, AI engineering depth, digital product velocity, and the…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/03/what-makes-india-a-preferred-destination-for-software-development-innovation-and-ai-in-2026/
-
Das Gros der Tech-Entscheider sieht agentenbasierte KI als Alternative zur traditionellen Softwareentwicklung
Reply veröffentlicht die Studie ‘From Code to Control: AI’s Takeover of Software Development Lifecycle”, eine von Forrester Consulting durchgeführte Untersuchung. Dafür wurden 536 IT-Führungskräfte in Europa und den USA befragt. Die Ergebnisse zeigen den schrittweisen Übergang von einfachen KI-Coding-Assistenten zu autonomen Agenten, die den gesamten Software-Development-Life-Cycle (SDLC) eigenständig orchestrieren. Die Studie markiert einen Wendepunkt für die…
-
Report Surfaces Higher Correlation Between API and AI Security
An analysis of 67,058 published vulnerabilities from 2025 finds 11,053, or 17%, are related to application programming interfaces (APIs). Conducted by Wallarm, the 2026 API ThreatStats Report also notes that 43% of the additions made in 2025 to the Known Exploited Vulnerabilities (KEV) catalog maintained by the Cybersecurity and Infrastructure Security Agency (CISA) involved API……
-
APT36 unleashes AI-generated ‘vibeware’ to flood targets
The Pakistani threat group has been using AI to rewrite malicious code across multiple programming languages, prioritising scale over sophistication to evade detection, security researchers have found First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639830/APT36-unleashes-AI-generated-vibeware-to-flood-targets
-
North Korean agents using AI to trick western firms into hiring them, Microsoft says
Firm says AI tools are masking identities of false applicants, who then funnel wages from remote IT jobs to North KoreaFake IT workers deployed by North Korea are using AI technology, including voice-changing tools, to trick western companies into hiring them, Microsoft has said.The US tech firm said a signature Pyongyang money-raising ruse is being…
-
Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants.The activity is designed to produce a “high-volume, mediocre mass of implants” that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services…
-
Teenage hacker myth primed for a middle-age criminal makeover
Tags: access, breach, business, corporate, crypto, cyber, cybercrime, cybersecurity, data, detection, extortion, finance, group, hacker, hacking, infrastructure, jobs, malware, network, penetration-testing, programming, ransomware, service, skills, software, technology, threat, vulnerabilityCybercrime cartels: Dray Agha, senior security operations manager at managed detection and response services firm Huntress, said the analysis illustrates that the “Hollywood image of a teenage lone wolf hacking for bragging rights” is vastly outdated since the threat landscape is dominated by “highly organised, profit-driven syndicates.””While young people may still engage in digital vandalism…
-
Software Development Practices Help Enterprises Tackle Real-Life Risks
Organizations can borrow secure-by-design processes to manage non-technical challenges like governance or the inevitable human error. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/software-development-practices-help-enterprises-tackle-real-life-risks
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
NDSS 2025 A Comparative Evaluation Of Large Language Models In Vulnerability Detection
Session 14C: Vulnerability Detection Authors, Creators & Presenters: Jie Lin (University of Central Florida), David Mohaisen (University of Central Florida) PAPER From Large to Mammoth: A Comparative Evaluation of Large Language Models in Vulnerability Detection Large Language Models (LLMs) have demonstrated strong potential in tasks such as code understanding and generation. This study evaluates several…
-
The Evolution of OSS Index in the Age of AI
<div cla In the past 12 months, enterprise software development has changed faster than at any other point in our lifetime. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-evolution-of-oss-index-in-the-age-of-ai/
-
RSAC Conference Expands Community Focus in 2026
Connection Hub, AI Content and Global Keynotes on This Year’s Agenda. RSAC Conference 2026 will celebrate its 35th anniversary next month with new community spaces, expanded AI programming and a global keynote lineup. From agentic AI and incident response to international leaders and hands-on learning labs, this year’s event spotlights the power of community. First…
-
NDSS 2025 Enhancing Security In Third-Party Library Reuse
Tags: conference, detection, Internet, network, open-source, programming, software, tool, update, vulnerabilitySession 14A: Software Security: Applications & Policies Authors, Creators & Presenters: Shangzhi Xu (The University of New South Wales), Jialiang Dong (The University of New South Wales), Weiting Cai (Delft University of Technology), Juanru Li (Feiyu Tech), Arash Shaghaghi (The University of New South Wales), Nan Sun (The University of New South Wales), Siqi Ma…
-
NDSS 2025 Retrofitting XoM For Stripped Binaries Without Embedded Data Relocation
Tags: attack, conference, control, data, Hardware, Internet, network, programming, software, threat, update, vulnerabilitySession 13D: Software Security: Code and Compiler Authors, Creators & Presenters: Chenke Luo (Wuhan University), Jiang Ming (Tulane University), Mengfei Xie (Wuhan University), Guojun Peng (Wuhan University), Jianming Fu (Wuhan University) PAPER Retrofitting XoM For Stripped Binaries Without Embedded Data Relocation System programs are frequently coded in memory-unsafe languages such as C/C++, rendering them susceptible…
-
AI-Driven Development Fuels Surge in Open Source Vulnerabilities, Black Duck Finds
A sharp rise in AI-assisted software development is driving unprecedented increases in open source security and licensing risk, according to new research from Black Duck. The company’s 2026 Open Source Security and Risk Analysis (OSSRA) report reveals that vulnerabilities in commercial software codebases have more than doubled year-on-year, highlighting growing concerns that organisations are producing…
-
Flaws in Claude Code Put Developers’ Machines at Risk
The vulnerabilities highlight a big drawback to integrating AI into software development workflows and the potential impact on supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/flaws-claude-code-developer-machines-risk
-
NDSS 2025 Generating API Parameter Security Rules With LLM For API Misuse Detection
Session 13B: API Security Authors, Creators & Presenters: Jinghua Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai…
-
How Exposed Endpoints Increase Risk Across LLM Infrastructure
As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the…
-
NDSS 2025 A Comprehensive Study Of Security Risks In Deno And Its Ecosystem
Tags: access, api, attack, conference, control, Internet, network, programming, risk, rust, software, supply-chainSession 13A: JavaScript Security Authors, Creators & Presenters: Abdullah AlHamdan (CISPA Helmholtz Center for Information Security), Cristian-Alexandru Staicu (CISPA Helmholtz Center for Information Security) PAPER Welcome to Jurassic Park: A Comprehensive Study of Security Risks in Deno and its Ecosystem Node.js and its ecosystem npm are notoriously insecure, enabling the proliferation of supply chain attacks.…
-
Why LLMs Make Terrible Databases and Why That Matters for Trusted AI
<div cla Large language models (LLMs) are now embedded across the SDLC. They summarize documentation, generate code, explain vulnerabilities, and assist with architectural decisions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/why-llms-make-terrible-databases-and-why-that-matters-for-trusted-ai/
-
Flaws in Popular Software Development App Extensions Allow Data Exfiltration
Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/vulnerabilities-vs-code-cursor/
-
Critical Security Flaws Discovered in Four VS Code Extensions Affecting Millions
Researchers have uncovered vulnerabilities in four widely used VS Code extensions, collectively installed more than 125 million times, raising renewed concerns about the security of the modern software development supply chain. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/vs-code-extensions-supply-chain-security-flaws/
-
8,000+ ChatGPT API Keys Left Publicly Accessible
The rapid integration of artificial intelligence into mainstream software development has introduced a new category of security risk, one that many organizations are still unprepared to manage. According to research conducted by Cyble Research and Intelligence Labs (CRIL), thousands of exposed First seen on thecyberexpress.com Jump to article: thecyberexpress.com/exposed-chatgpt-api-keys-github-websites/