#app-bugs

Information security
fromSecuritymagazine
1 day ago

58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code

31% of organizations using AI-generated code spend 10 hours or less per month on validation and auditing, raising security concerns.
Software development
fromDevOps.com
4 days ago

Waydev Adds Ability to Track How Much AI Code Winds Up in Production - DevOps.com

Waydev's platform enhances DevOps by tracking AI coding tool impacts on workflows and ROI for software engineering teams.
DevOps
fromTechzine Global
9 hours ago

Emergency Update for Windows Server Following Reboot Issues

Microsoft released emergency updates for Windows Server to address LSASS crashes and installation issues following the April 2026 Patch Tuesday updates.
Mental health
fromSmashing Magazine
1 day ago

Session Timeouts: The Overlooked Accessibility Barrier In Authentication Design - Smashing Magazine

Poor session timeouts create significant accessibility barriers for users with disabilities, impacting their online experiences and tasks.
Vue
fromRaymondcamden
1 day ago

Building a Simple Markdown PWA App

A Markdown viewer app was built using Electron, focusing on simplicity and functionality for viewing Markdown files.
fromTheregister
17 hours ago

'Invisible mouse' made a mess of PC rebuild

After endlessly pulling the plug out, and plugging it in again, many reboots and lots of swearing, we finally discovered the problem. The new one was hidden under the PC's side casing.
Games
#ai-security
Artificial intelligence
fromTechRepublic
4 hours ago

The MCP Disclosure Is the AI Era's 'Open Redirect' Moment

The Model Context Protocol has a design flaw that enables AI supply chain attacks, posing a significant security risk to enterprise AI systems.
Information security
fromSecurityWeek
4 days ago

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.
Information security
fromTechzine Global
4 days ago

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.
Information security
fromInfoQ
6 days ago

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.
#cybersecurity
Information security
fromThe Hacker News
9 hours ago

Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Third-party tools are exploited to gain internal access, highlighting a shift in attack strategies that bend trust rather than break systems.
Information security
fromTechCrunch
3 days ago

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.
Careers
fromSecuritymagazine
1 day ago

Advance Your Cybersecurity Career

Degrees and certifications in cybersecurity indicate foundational knowledge but hands-on experience and skills are more critical for success.
Information security
fromThe Hacker News
13 hours ago

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

A critical vulnerability in the Model Context Protocol allows remote code execution, affecting over 7,000 servers and compromising sensitive data.
Information security
fromSecurityWeek
16 hours ago

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

Hackers have targeted a vulnerability in discontinued TP-Link routers for a year without successful exploitation, according to Palo Alto Networks.
Data science
fromNature
1 day ago

Got bugs? Here's how to catch the errors in your scientific software

Scientific coding is error-prone, often due to lack of training, making debugging an essential but under-taught skill for researchers.
fromSecurityWeek
14 hours ago

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Approximately 6 million internet-accessible systems are using FTP today, and almost half of them do not use encryption, exposing enterprises and end users to avoidable risks.
Privacy professionals
Java
fromInfoQ
1 day ago

Java News Roundup: OpenJDK JEPs, Jakarta EE 12, Spring Framework, Micrometer, Camel, JBang

New Java features and updates include JEPs, Spring Framework maintenance, and Jakarta EE 12 advancements.
Web design
fromSpeckyboy Design Magazine
1 day ago

How AI Could Change Collaboration for Web Designers & Developers - Speckyboy

Connecting with web professionals enhances learning and productivity, while AI is transforming workflows and relationships in the industry.
Node JS
fromDEV Community
2 days ago

I got tired of wiring the same caching stack every project, so I built LayerCache

LayerCache simplifies caching by stacking multiple layers and handling cache misses efficiently.
Toronto startup
fromTheregister
3 days ago

'Technician Aura': the bugs that flee when you arrive

Technician Aura often causes tech issues to vanish when a technician is present, complicating troubleshooting efforts.
UX design
fromMedium
3 days ago

Your AI agent can read your codebase. It doesn't know your product.

AI coding agents lack design context, leading to generic outputs that don't align with a product's unique interaction patterns and brand identity.
Agile
fromdzone.com
3 days ago

Rethinking Risk in Agile Software Development

Agile must integrate risk management into workflows to avoid hidden risks and instability in complex software systems.
Productivity
fromZDNET
3 days ago

I found the apps slowing down my PC - how to kill the biggest memory hogs

Identifying and managing background processes can optimize PC performance and reduce memory usage.
Python
fromTalkpython
4 days ago

OWASP Top 10 (2025 List) for Python Devs

The OWASP Top 10 has been updated with significant changes including supply chain attacks and exceptional condition handling.
#microsoft
Privacy technologies
fromThe Verge
5 days ago

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.
Information security
fromTheregister
11 hours ago

Microsoft releases Windows Server update to fix April update

Microsoft released an out-of-band update to fix a restart loop issue affecting Windows Server devices after the April 2026 update.
Information security
fromTheregister
3 days ago

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has resolved the Windows Server 2025 upgrade issue, but new problems have emerged with the cumulative update KB5082063.
Information security
fromTechRepublic
5 days ago

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.
Information security
fromComputerWeekly.com
6 days ago

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.
Information security
fromTheregister
6 days ago

Microsoft's massive Patch Tuesday: It's raining bugs

A spoofing vulnerability in Microsoft SharePoint Server was exploited before a fix was issued, allowing unauthorized access to sensitive information.
#github
Tech industry
fromTheregister
5 days ago

Customers revolt as GitHub Copilot 'fixes' rate limits

GitHub is imposing usage limits on Copilot to alleviate server strain and improve service reliability.
DevOps
fromTheregister
38 minutes ago

Microsoft's GitHub suspends Copilot account sign-ups

GitHub has paused new Copilot subscriptions to manage resource demands and maintain service quality for existing customers.
Web frameworks
fromInfoQ
6 days ago

Empower Your Developers: How Open Source Dependencies Risk Management Can Unlock Innovation

Improving security in open-source dependencies is essential for effective risk management and innovation.
fromTechCrunch
6 days ago

How vibe coding app Anything is rebuilding after getting booted from the App Store twice | TechCrunch

Dhruv Amin stated, 'We built a mobile app primarily to let our users who are building iOS apps preview their own app on their own device while developing it. [We] had no problems through December. Post December, we and everyone else in the category started getting our updates blocked.'
Apple
#vercel
Information security
fromTechRepublic
7 hours ago

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirmed a security incident involving unauthorized access to internal systems, with a threat actor claiming to sell stolen company data.
Information security
fromSiliconANGLE
4 hours ago

Developer tooling provider Vercel discloses breach that exposed some users' data - SiliconANGLE

Vercel experienced a security breach through Context.ai, compromising limited customer data and employee information.
fromInfoQ
1 day ago

Engineering Stable, Secure and Scalable Platforms: A Conversation with Matthew Liste

I was always a tinkerer, I guess. I grew up in the age where computers were not ubiquitous or common. An experience as a kid was instrumental in how my career happened.
DevOps
Software development
fromTechCrunch
3 days ago

"Tokenmaxxing" is making developers less productive than they think | TechCrunch

Measuring AI coding productivity should focus on output quality rather than input metrics like token budgets.
Productivity
fromMedium
4 days ago

How to prevent "You've hit your limit" when working with Claude Code

Reaching usage limits in Claude Code can hinder productivity, but there are practical tips to manage and reduce this risk.
DevOps
fromDevOps.com
4 days ago

From Code to Cloud: How Full-Stack Developers are Taking Over DevOps - DevOps.com

Full-stack engineers now integrate DevOps practices, managing the entire software process from code to cloud, emphasizing early testing and automation.
Software development
fromInfoQ
4 days ago

Meta Reports 4x Higher Bug Detection with Just-in-Time Testing

JiT testing improves software quality by dynamically generating tests during code review, enhancing bug detection by approximately 4x in AI-assisted environments.
DevOps
fromComputerWeekly.com
15 hours ago

Storage implications of a modern IT architecture | Computer Weekly

Organizations are increasingly using containers to modernize applications and manage both cloud-native and traditional workloads with Kubernetes.
#microsoft-defender
Information security
fromTechRepublic
6 hours ago

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Three new security flaws in Microsoft Defender are actively exploited, with only one patched, allowing full SYSTEM-level access to attackers.
Information security
fromThe Hacker News
3 days ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.
Information security
fromTechzine Global
12 hours ago

Aikido Endpoint offers developers additional protection against supply chain attacks

Aikido Endpoint protects developers' endpoints from supply chain attacks by blocking high-risk installations before they reach the system.
Software development
fromTheregister
5 days ago

20-year-old Enlightenment E16 bug finally gets patched

Kamila Szewczyk fixed a 20-year-old bug in the Enlightenment E16 Linux window manager, emphasizing the value of maintaining older software.
DevOps
fromSecuritymagazine
5 days ago

Democratized Software, Democratized Risk: Who's Accountable When Everyone Codes?

AI-driven coding tools enable non-technical teams to create software, but they introduce vulnerabilities and require clear ownership and governance.
Software development
fromInfoWorld
5 days ago

Where will developer wisdom come from?

Agentic coding allows software creation without traditional developer wisdom, relying instead on AI like Claude Code for implementation and problem-solving.
DevOps
fromAzure DevOps Blog
5 days ago

One-click security scanning and org-wide alert triage come to Advanced Security - Azure DevOps Blog

New capabilities in Azure DevOps simplify application security with one-click CodeQL setup and a unified alerts experience for security teams.
DevOps
fromAzure DevOps Blog
6 days ago

April Patches for Azure DevOps Server - Azure DevOps Blog

Customers should update to the latest version of Azure DevOps Server for security and reliability.
#vulnerabilities
Information security
fromThe Hacker News
5 days ago

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical vulnerabilities in Adobe, Fortinet, Microsoft, and SAP products were highlighted in April's Patch Tuesday releases.
DevOps
fromMedium
1 week ago

Set it up once, test it properly, and let the system handle the rest.

Automating SSL certificate renewal prevents production outages and reduces stress during incidents.
Software development
fromDevOps.com
1 week ago

Appknox Adds AI Tool to Detect and Fix Vulnerabilities in Mobile Applications - DevOps.com

Appknox introduces AI to assess mobile app vulnerabilities and recommend fixes, enhancing the patching process for software engineering teams.
Software development
fromDevOps.com
2 weeks ago

Why Code Validation is the Next Frontier - DevOps.com

Shared staging environments are inadequate for modern development; isolated, on-demand setups are needed for effective validation.
Information security
fromDevOps.com
3 days ago

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.
#apache-activemq
Information security
fromTheregister
3 days ago

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.
Information security
fromSecurityWeek
3 days ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.
Information security
fromThe Hacker News
3 days ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.
#nist
Information security
fromTechzine Global
4 days ago

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.
Information security
fromSecurityWeek
4 days ago

Splunk Enterprise Update Patches Code Execution Vulnerability

Splunk has released fixes for high and medium-severity vulnerabilities in its products, including Splunk Enterprise, Cloud Platform, and MCP Server.
#cisco
Information security
fromThe Hacker News
4 days ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.
Information security
fromSecurityWeek
4 days ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.
fromSecurityWeek
2 months ago

How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development

This extends to the software development community, which is seeing a near-ubiquitous presence of AI-coding assistants as teams face pressures to generate more output in less time. While the huge spike in efficiencies greatly helps them, these teams too often fail to incorporate adequate safety controls and practices into AI deployments. The resulting risks leave their organizations exposed, and developers will struggle to backtrack in tracing and identifying where - and how - a security gap occurred.
Artificial intelligence
Information security
fromTheregister
5 days ago

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.
#adobe
Information security
fromSecurityWeek
6 days ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.
Information security
fromTechRepublic
6 days ago

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.
Information security
fromSecurityWeek
5 days ago

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.
Information security
fromSecurityWeek
5 days ago

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.
Information security
fromThe Hacker News
6 days ago

New PHP Composer Flaws Enable Arbitrary Command Execution - Patches Released

Two high-severity vulnerabilities in Composer could allow arbitrary command execution through command injection flaws in the Perforce VCS driver.
Information security
fromSecurityWeek
6 days ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.
Information security
fromTechzine Global
6 days ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.
Information security
fromSecurityWeek
6 days ago

SAP Patches Critical ABAP Vulnerability

SAP released 20 new and updated security notes addressing critical vulnerabilities, including a severe SQL injection flaw with a CVSS score of 9.9.