Information securityfromTheregister1 week agoGit identity spoof fools Claude into giving bad code the nodAI code reviewers can be deceived into approving malicious code by spoofing trusted developer identities using Git commands.
fromCSO Online9 months agoPrivacy professionalsHacker inserts destructive code in Amazon Q as update goes live
Information securityfromTheregister1 week agoGit identity spoof fools Claude into giving bad code the nodAI code reviewers can be deceived into approving malicious code by spoofing trusted developer identities using Git commands.
fromCSO Online9 months agoPrivacy professionalsHacker inserts destructive code in Amazon Q as update goes live
Privacy technologiesfromTheregister9 months agoStopping the rot when good software goes bad means new rulesModern software tools, unlike their historical counterparts, can act maliciously against users' intentions.
fromThe Hacker News9 months agoPrivacy technologiesMalicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
fromThe Hacker News9 months agoSoftware developmentNew Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
fromTechzine Global1 year agoArtificial intelligenceHackers abuse AI code assistants with hidden instructions
fromThe Hacker News9 months agoPrivacy technologiesMalicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
fromThe Hacker News9 months agoSoftware developmentNew Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
Artificial intelligencefromTechzine Global1 year agoHackers abuse AI code assistants with hidden instructionsResearchers uncover a new attack method that manipulates AI systems using configuration files, leading to undetected malicious code.
fromWIRED11 months agoAI Code Hallucinations Increase the Risk of 'Package Confusion' AttacksOnce the attacker publishes a package under the hallucinated name, containing some malicious code, they rely on the model suggesting that name to unsuspecting developers.Artificial intelligence
DevOpsfromInfoQ1 year agoCompromised GitHub Action Highlights Risks in CI/CD Supply ChainsA popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.
