Privacy professionalsfromCSO Online6 months agoHacker inserts destructive code in Amazon Q as update goes liveMalicious actors exploit AI tools due to insufficient security measures, leading to serious vulnerabilities in software supply chains.
Privacy technologiesfromTheregister7 months agoStopping the rot when good software goes bad means new rulesModern software tools, unlike their historical counterparts, can act maliciously against users' intentions.
fromThe Hacker News7 months agoPrivacy technologiesMalicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
fromThe Hacker News7 months agoSoftware developmentNew Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
fromTechzine Global10 months agoArtificial intelligenceHackers abuse AI code assistants with hidden instructions
fromThe Hacker News7 months agoPrivacy technologiesMalicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
fromThe Hacker News7 months agoSoftware developmentNew Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
Artificial intelligencefromTechzine Global10 months agoHackers abuse AI code assistants with hidden instructionsResearchers uncover a new attack method that manipulates AI systems using configuration files, leading to undetected malicious code.
fromWIRED9 months agoAI Code Hallucinations Increase the Risk of 'Package Confusion' AttacksOnce the attacker publishes a package under the hallucinated name, containing some malicious code, they rely on the model suggesting that name to unsuspecting developers.Artificial intelligence
DevOpsfromInfoQ10 months agoCompromised GitHub Action Highlights Risks in CI/CD Supply ChainsA popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.
