The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

The AI powered path to Tech Simplification and Tech Debt Management in BFSI

Continuous tech-debt monitoring & governance Tech debt removal is typically reactive and ad-hoc exercise. AI can help run periodic scans, update debt scores, and feed insights into tech governance ...
Tech Xplore

New framework helps AI systems recover from mistakes and find optimal solutions

If you use consumer AI systems, you have likely experienced something like AI "brain fog": You are well into a conversation ...
The Hacker News

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. "The campaign introduces a new ...
VentureBeat

Meet Aardvark, OpenAI’s security agent for code analysis and patching

An aardvark works in an office typing at a desktop PC while happy human workers mill about in the background. Credit: VentureBeat made with ChatGPT Positioned as a scalable defense tool for modern ...
PCGamesN

Minecraft modding is about to change forever as Mojang announces huge Java Edition news

Mojang has dropped some huge news for Minecraft Java players - especially those that love to mod. While the modding scene is already thriving in Minecraft, it's not as accessible as you'd expect for ...
Ars Technica

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...
VentureBeat

Codev lets enterprises avoid vibe coding hangovers with a team of agents that generate and document code

For many software developers using generative AI, vibe coding is a double-edged sword. The process delivers rapid prototypes but often leaves a trail of brittle, undocumented code that creates ...
Dark Reading

Red Hat Investigates Widespread Breach of Private GitLab Repositories

Red Hat has confirmed a security incident that impacted its GitLab instance after a threat actor claimed to have breached tens of thousands of the Linux software-maker's private repositories. In an ...
TechRepublic

How GitHub Is Securing the Software Supply Chain

A surge in supply chain attacks has put open-source software risk, prompting GitHub to strengthen security across its npm ecosystem. The company, which operates the world’s largest code repository, is ...