Tag: programming
-
GitHub Copilot’s New Agent Mode Enables Autonomous Code Completion
by
in SecurityNewsGitHub has once again raised the bar for productivity in software development with the launch of its revolutionary >>Agent Mode
-
Attackers hide malicious code in Hugging Face AI model Pickle files
by
in SecurityNews
Tags: ai, data, github, malicious, ml, open-source, programming, remote-code-execution, risk, service, software, threat, tool, vulnerabilityLike all repositories of open-source software in recent years, AI model hosting platform Hugging Face has been abused by attackers to upload trojanized projects and assets with the goal of infecting unsuspecting users. The latest technique observed by researchers involves intentionally broken but poisoned Python object serialization files called Pickle files.Often described as the GitHub…
-
Lazarus Group tricks job seekers on LinkedIn with crypto-stealer
by
in SecurityNewsNorth Korea-linked Lazarus Group is duping job seekers and professionals in an ongoing campaign that runs a LinkedIn recruiting scam to capture browser credentials, steal crypto wallet data, and launch persistence.According to a discovery made by BitDefender Labs, threat actors reach out with fake LinkedIn job offers to lure the victims into downloading and executing…
-
Go Module Mirror served backdoor to devs for 3+ years
by
in SecurityNewsSupply chain attack targets developers using the Go programming language. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/02/backdoored-package-in-go-mirror-site-went-unnoticed-for-3-years/
-
Crypto-stealing iOS, Android malware found on App Store, Google Play
by
in SecurityNewsA number of iOS and Android apps on Apple’s and Google’s official app stores contain a software development kit (SDK) that allows them to exfiltrate … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/05/crypto-stealing-ios-android-malware-found-on-app-store-google-play-sparkcat-malicious-sdk/
-
Poisoned Go programming language package lay undetected for 3 years
by
in SecurityNews
Tags: programmingResearcher says ecosystem’s auto-caching is a net positive but presents exploitable quirks First seen on theregister.com Jump to article: www.theregister.com/2025/02/04/golang_supply_chain_attack/
-
Why Some Source Code Files Shouldn’t Be Managed via Git-Based Version Control
by
in SecurityNewsThe ubiquitous version control system, Git, has revolutionised software development workflows with its robust set of capabilities. It simplifies the tracking of code changes, enables seamless branching and merging, and facilitates tight collaboration. Today, more than 100 million developers worldwide use the GitHub platform alone. However, Git is not always a suitable solution for all…
-
Lazarus Group Exploits Trusted Apps for Data Theft via Dropbox
by
in SecurityNews
Tags: crypto, cyber, data, espionage, exploit, group, infrastructure, korea, lazarus, north-korea, programming, software, technology, theft, toolIn an alarming development, North Korea’s infamous Lazarus Group has been linked to a global cyber espionage campaign, code-named Operation Phantom Circuit. Beginning in September 2024, this operation exploited trusted software development tools to infiltrate systems worldwide, targeting cryptocurrency and technology developers. The campaign’s advanced obfuscation techniques and infrastructure demonstrate a significant evolution in the…
-
Empowering Teams with Secure API Management
by
in SecurityNewsWhy is Secure API Management Essential for Team Empowerment? Is API management a critical aspect of your organization’s cybersecurity strategy? It should be. APIs, or Application Programming Interfaces, are the engines that power today’s digital ecosystem. They enable systems to communicate, allowing for streamlined operations and improved productivity. However, incorrectly managed APIs expose businesses to……
-
‘Severe’ bug in ChatGPT’s API could be used to DDoS websites
by
in SecurityNewsThe vulnerability, described by a researcher as “bad programming,” allows an attacker to send unlimited connection requests through ChatGPT’s API. First seen on cyberscoop.com Jump to article: cyberscoop.com/ddos-openai-chatgpt-api-vulnerability-microsoft/
-
ChatGPT API flaws could allow DDoS, prompt injection attacks
by
in SecurityNewsOpenAI-owned ChatGPT might have a vulnerability that could allow threat actors to launch distributed denial of service (DDoS) attacks on unsuspecting targets. According to a discovery made by German security researcher Benjamin Flesch, the ChatGPT crawler, which OpenAI uses to collect data from the internet to improve ChatGPT, can be tricked into DDoSing arbitrary websites. “ChatGPT crawler…
-
API Security’s Role in Responsible AI Deployment
by
in SecurityNewsBy now, you will almost certainly be aware of the transformative impact artificial intelligence (AI) technologies are having on the world. What you may not be aware of, however, is the role Application Programming Interfaces (APIs) are playing in the AI revolution. The bottom line is that APIs are critical to AI systems but […]…
-
SDLC Gap Analysis: Requirement For Organization
by
in SecurityNewsGap Analysis within the Software Development Life Cycle (SDLC) involves identifying insufficient security measures, and compliance shortcomings throughout the software development process, from start to finish. It is to ensure that proper security needs are implemented from the initial design stages to deployment and maintenance. Ignoring SDLC gaps can cause project failures with catastrophic consequences….…
-
How organizations can secure their AI code
by
in SecurityNews
Tags: ai, application-security, awareness, backdoor, breach, business, chatgpt, ciso, compliance, control, credentials, crime, cybersecurity, data, data-breach, finance, github, healthcare, LLM, malicious, ml, open-source, organized, programming, risk, risk-management, software, startup, strategy, supply-chain, technology, tool, training, vulnerabilityIn 2023, the team at data extraction startup Reworkd was under tight deadlines. Investors pressured them to monetize the platform, and they needed to migrate everything from Next.js to Python/FastAPI. To speed things up, the team decided to turn to ChatGPT to do some of the work. The AI-generated code appeared to function, so they…
-
How to Eliminate “Shadow AI” in Software Development
by
in SecurityNewsWith a security-first culture fully in play, developers will view the protected deployment of AI as a marketable skill, and respond accordingly. The post How to Eliminate “Shadow AI” in Software Development appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/how-to-eliminate-shadow-ai-in-software-development/
-
Biden’s final push: Using AI to bolster cybersecurity standards
by
in SecurityNews
Tags: access, ai, attack, china, cisa, compliance, cyber, cyberattack, cybersecurity, data, defense, detection, email, exploit, finance, framework, government, hacker, incident, infrastructure, intelligence, office, privacy, programming, resilience, risk, software, strategy, technology, threat, vulnerabilityIn a decisive move to strengthen national cybersecurity, President Joe Biden is poised to sign an executive order imposing stringent security standards for federal agencies and contractors. Scheduled for publication in the coming days, the directive will emphasize integrating artificial intelligence (AI) into cyber defense strategies while addressing systemic vulnerabilities in software security, reported Reuters.This…
-
DEF CON 32 Programming A CTS-V Gauge Cluster Into An ATS-V: Out Of Pure Spite
by
in SecurityNewsAuthor/Presenter: Varjitt Jeeva Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/def-con-32-programming-a-cts-v-gauge-cluster-into-an-ats-v-out-of-pure-spite/
-
Challenges and Solutions in API Security
by
in SecurityNewsAre Organizations Fully Grasping the Importance of API Security? It is surprising how often businesses underestimate the importance of Application Programming Interface (API) security while navigating the digital landscape. This concern arises due to the significant rise in API-centric applications. While APIs offer countless benefits, they also pose substantial cybersecurity challenges. So, how well are……
-
CISA Issues New Goals to Strengthen IT Cybersecurity
by
in SecurityNewsCISA Urges IT and Design Sector Software Developers to Improve Cyber Hygiene. The Cybersecurity and Infrastructure Security Agency is urging the information technology and design sector to strengthen foundational cybersecurity practices throughout the software development lifecycle by aiming to achieve a series of new sector-specific goals released Tuesday. First seen on govinfosecurity.com Jump to article:…
-
Part 15: Function Type Categories
by
in SecurityNewsOn Detection: Tactical to Functional Seven Ways to View API Functions Introduction Welcome back to Part 15 of the On Detection: Tactical to Functional blog series. I wrote this article to serve as a resource for those attempting to create tool graphs to describe the capabilities of the attacker tools or malware samples they encounter.…
-
Exabeam Extends Scope and Reach of SIEM Platform
by
in SecurityNewsExabeam today added a bevy of capabilities to its New-Scale Security Operations Platform, including support for open application programming interface (API) and an ability to search data stored in the LogRhythm security information event management (SIEM) platform it acquired last year. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/exabeam-extends-scope-and-reach-of-siem-platform/
-
Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting
by
in SecurityNews
Tags: ai, api, apt, attack, bug-bounty, business, chatgpt, cloud, computing, conference, credentials, cve, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, email, exploit, finance, firewall, flaw, framework, github, government, group, guide, hacker, hacking, incident response, injection, LLM, malicious, microsoft, open-source, openai, penetration-testing, programming, rce, RedTeam, remote-code-execution, service, skills, software, sql, tactics, threat, tool, training, update, vulnerability, waf, zero-dayGenerative AI has had a significant impact on a wide variety of business processes, optimizing and accelerating workflows and in some cases reducing baselines for expertise.Add vulnerability hunting to that list, as large language models (LLMs) are proving to be valuable tools in assisting hackers, both good and bad, in discovering software vulnerabilities and writing…
-
Secure by design vs by default which software development concept is better?
by
in SecurityNews
Tags: access, api, application-security, attack, business, cisa, cloud, control, cyber, cybersecurity, data, data-breach, exploit, framework, guide, Hardware, infrastructure, malicious, mfa, nist, programming, resilience, risk, saas, security-incident, service, software, supply-chain, technology, threat, tool, update, vulnerabilityAs cybersecurity professionals, we need to know that the software products we acquire are safe and able to support or accommodate the procedures and tools we use to keep attackers at bay while performing their given functions.With attacks perennially on the rise and the software supply chain remaining as vulnerable as ever, there is momentum…