Tag: programming
-
The Unusual Suspect: Git Repos
While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systemsGit is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping First…
-
Why your AppSec Tool Stack Is Failing in the Age of AI
The world of software development is changing fast. AI isn’t just influencing software it’s reshaping how software is written and the components it’s made of. First, AI-generated code is accelerating development. Code is produced faster, in larger volumes, and often without the same level of review or accountability as human-written code. Second, teams are.. First…
-
KI-Agenten gegen Hacker
Cycode hat in seiner AI-Native Application-Security-Platform eingeführt, ein agentenbasiertes KI-Framework für die Anwendungssicherheit. Die neuen KI-Agenten dienen der Abwehr komplexer Cyberattacken auf die Software-Supply-Chain.”‹ Die Verbreitung autonomer Systeme und KI-Agenten, die den Software-Development-Lifecycle (SDLC) adressieren, nimmt rasant zu. Dieser Shift definiert auch die Risikolandschaft neu und bedarf eines neuen Sicherheitsansatzes, der genauso schnell, […] First…
-
Ingram Micro confirms ransomware attack after days of downtime
Tags: attack, breach, control, incident response, monitoring, msp, programming, ransomware, resilience, risk, software, supply-chain, threatWeak links: tech supply chain targeted: This attack on Ingram Micro reflects a broader shift in threat actors focusing on increasingly targeting beyond software development firms to broader tech supply chain nodes to maximize disruption.Jain added that entities like distributors, MSPs, and logistics providers offer high leverage with relatively lower security maturity compared to large…
-
New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks
NSFOCUS Fuying Lab’s Global Threat Hunting System has discovered a new botnet family called >>hpingbot
-
13-Year-Old Dylan Joins Forces with Microsoft Security Response Center as the Youngest Security Researcher
Dylan, 13, has accomplished a remarkable achievement by becoming the youngest security researcher to work with the Microsoft Security Response Center (MSRC), leaving his mark on the history of cybersecurity. His journey from tinkering with Scratch, a visual programming language for creating games, to identifying critical vulnerabilities in Microsoft products showcases a rare blend of…
-
North Korean Hackers Target Crypto Firms with Novel macOS Malware
SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signal-based persistence First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korea-crypto-macos-malware/
-
North Korean crypto thieves deploy custom Mac backdoor
North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in niche programming language Nim. The attackers are also using AppleScript for early stage payloads, including a fake Zoom update.”North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled…
-
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Tags: communications, crypto, hacker, injection, korea, macOS, malware, north-korea, programming, threatThreat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.”Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,” First seen…
-
RIFT: Open-Source Rust Malware Analyzer Released by Microsoft
Tags: cyber, cybercrime, exploit, intelligence, malware, microsoft, open-source, programming, rust, threat, toolAs cybercriminals and nation-state actors increasingly turn to the Rust programming language for malware development, Microsoft’s Threat Intelligence Center has unveiled a powerful new open-source tool called RIFT to help security analysts combat this growing threat. Rust, renowned for its speed, memory safety, and robustness, is now being exploited for its advantages in creating malware…
-
Uncle Sam wants you to use memory-safe programming languages
‘Memory vulnerabilities pose serious risks to national security and critical infrastructure,’ say CISA and NSA First seen on theregister.com Jump to article: www.theregister.com/2025/06/27/cisa_nsa_call_formemory_safe_languages/
-
Cybersecurity Snapshot: U.S. Gov’t Urges Adoption of Memory-Safe Languages and Warns About Iran Cyber Threat
Tags: access, advisory, ai, api, attack, authentication, best-practice, cisa, computer, computing, crypto, cryptography, cyber, cybersecurity, data, defense, encryption, exploit, finance, framework, google, governance, government, group, hacker, healthcare, infrastructure, injection, intelligence, Internet, iran, login, mfa, military, mitigation, mitre, network, nist, passkey, password, programming, ransomware, risk, rust, service, software, strategy, tactics, technology, terrorism, threat, tool, training, vulnerability, warfareCheck out the U.S. government’s latest call for developers to use memory-safe programming languages, as well as its warning for cybersecurity teams regarding cyber risk from hackers tied to Iran. Plus, get the latest on ransomware trends, the quantum computing cyber threat and more! Dive into five things that are top of mind for the…
-
Cisco warns of critical API vulnerabilities in ISE and ISE-PIC
Tags: access, ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisco, ciso, cloud, communications, control, credentials, data, defense, email, endpoint, exploit, firewall, flaw, framework, guide, Hardware, incident response, malicious, microsoft, mobile, network, penetration-testing, programming, risk, router, saas, sans, service, software, threat, update, vpn, vulnerability, wafroot user.The fault behind both vulnerabilities: Holes in application programming interfaces (APIs).”Take this vulnerability seriously,” said Moses Frost, senior course instructor on cloud penetration testing at the SANS Institute. “In my experience assessing networks, I have found through testing that many lack essential patches and security hardening on their core network devices. I have seen Cisco…
-
Hackers Using Malicious SonicWall VPN for Credential Theft
Trojanized NetExtender Installer Exfiltrates Data to Hardcoded IP Address. Fake versions of SonicWall VPN software contain a credential-stealing Trojan, the California network security company warned Monday. Imposter versions of tools such as VPNs, virtual desktops and software development tools are often laced with infostealers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-using-malicious-sonicwall-vpn-for-credential-theft-a-28815
-
AI Accelerates Code Generation, Risk for AppSec Teams
Contrast Security CTO Jeff Williams on How Attackers Exploit AI Code Generation. AI tools are not only accelerating software development but also attacker capabilities. It’s not that hard to write AI [codes] that will generate exploits and attack applications. It is lowering the bar and expanding the population of attackers, said Contrast Security CTO Jeff…
-
Vibe Coding – a Great Tool if You Know How to Use It
AI Assistants Accelerate Coding But Can Create Huge Risks for the Inexperienced When used well, vibe coding can unlock astonishing productivity and lower the barrier to getting ideas off the ground. But here’s the problem: Too many newcomers are mistaking it for a replacement for a deep understanding of coding and software development principles. First…
-
CISA Publishes Guide to Address Memory Safety Vulnerabilities in Modern Software Development
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), has released a comprehensive guide titled >>Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development.
-
NCSC Warns of SHOE RACK Malware Targeting Fortinet Firewalls via DOH SSH Protocols
The National Cyber Security Centre (NCSC) has issued a critical alert regarding a newly identified malware, dubbed SHOE RACK, which has been observed targeting Fortinet firewalls and other perimeter devices. Developed using the Go 1.18 programming language, this malicious software demonstrates a high level of sophistication by leveraging DNS-over-HTTPS (DoH) for command and control (C2)…
-
AdaCore Merges With CodeSecure for Unified Developer Tools
Merger Strengthens AdaCore’s Reach in C and C++ Static Testing for Embedded Systems. The merger between New York-based AdaCore and Washington D.C.-area CodeSecure fills a strategic gap in static analysis for C and C++ programming, giving embedded software developers a more complete suite of security and safety verification tools in high-stakes industries. First seen on…
-
Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
Iran’s state-owned TV broadcaster was hacked Wednesday night to interrupt regular programming and air videos calling for street protests against the Iranian government, according to multiple reports.It’s currently not known who is behind the attack, although Iran pointed fingers at Israel, per Iran International.”If you experience disruptions or irrelevant messages while watching various TV First…
-
ChatGPT’s AI coder Codex now lets you choose the best solution
ChatGPT’s Codex, which is an AI agent that lets you code and delegate programming tasks, is now testing a new feature that lets you choose the best solution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/chatgpts-ai-coder-codex-now-lets-you-choose-the-best-solution/
-
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
Cybersecurity researchers are calling attention to a “large-scale campaign” that has been observed compromising legitimate websites with malicious JavaScript injections.According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an “esoteric and educational programming style” that uses only a limited set of characters to write and execute code.…
-
New Cybersecurity Executive Order: What You Need To Know
Tags: ai, cisa, cloud, communications, compliance, computing, control, cyber, cybersecurity, data, defense, detection, encryption, exploit, fedramp, framework, government, identity, incident response, infrastructure, Internet, iot, network, office, privacy, programming, resilience, risk, service, software, supply-chain, technology, threat, update, vulnerability, vulnerability-management, zero-trustA new cybersecurity Executive Order aims to modernize federal cybersecurity with key provisions for post-quantum encryption, AI risk and secure software development. On June 6, 2025, the White House released a new Executive Order (EO) aimed at modernizing the nation’s cybersecurity posture. As cyber threats continue to evolve in scale and sophistication, the EO reinforces…
-
Why We’re Going All In on Application Protection – Impart Security
Tags: access, ai, application-security, attack, business, captcha, container, control, cybersecurity, detection, framework, infrastructure, intelligence, monitoring, network, programming, risk, software, startup, threat, tool, update, vulnerabilityWhen we started Impart, the cybersecurity world was obsessed with visibility. Every startup was racing to build the next agentless monitoring platform, building broad sets of product features across multiple areas while carefully sidestepping the unglamorous reality of actually securing anything. Coming from the world of WAF in the trenches of real security enforcement, this felt…
-
Contrast Security Combines Graph and AI Technologies to Secure Applications
Contrast Security today made available an update to its application detection and response platform that leverages graph and artificial intelligence (AI) technologies to provide security operations teams with a digital twin of the applications and associated application programming interfaces (APIs) that need to be secured. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/contrast-security-combines-graph-and-ai-technologies-to-secure-applications/