#malicious-code tag

3 weeks ago

Privacy technologies

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension

1 month ago

Software development

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

Artificial intelligence

Hackers abuse AI code assistants with hidden instructions

Researchers uncover a new attack method that manipulates AI systems using configuration files, leading to undetected malicious code.

Software development

New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors

fromMashable ME

7 months ago

Hackers take over Google Chrome extensions in cyberattack

Hackers compromised multiple Chrome extensions to steal sensitive user data through a phishing attack on developers during the Christmas season.

3 weeks ago

Privacy technologies

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension

1 month ago

Software development

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

Artificial intelligence

Hackers abuse AI code assistants with hidden instructions

Researchers uncover a new attack method that manipulates AI systems using configuration files, leading to undetected malicious code.

Software development

New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors

fromMashable ME

7 months ago

Hackers take over Google Chrome extensions in cyberattack

Hackers compromised multiple Chrome extensions to steal sensitive user data through a phishing attack on developers during the Christmas season.

more#cybersecurity

fromWIRED

AI Code Hallucinations Increase the Risk of 'Package Confusion' Attacks

Once the attacker publishes a package under the hallucinated name, containing some malicious code, they rely on the model suggesting that name to unsuspecting developers.

Artificial intelligence

DevOps

fromInfoQ

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.

Vulnerability in Veeam Backup & Replication gives hackers access to backup servers

Veeam warns of a critical RCE vulnerability that could allow cybercriminals to hack backup servers linked to a domain.

fromDatabreaches

Texas Man Convicted of Sabotaging his Employer's Computer Systems and Deleting Data

Davis Lu was convicted of deploying malicious code to sabotage his former employer's network after his responsibilities were reduced, leading to significant financial losses.

Tech industry

fromITPro

5 months ago

'GitVenom' campaign uses dodgy GitHub repositories to spread malware

Security researchers warn of a campaign using GitHub to distribute malware through fake repositories.

Threat actors created over 200 repositories with malicious code, misleading README files, and diverse programming languages.

fromDeveloper Tech News

5 months ago

Matan Giladi, Apiiro: Guarding your code against malicious patterns

Malicious code remains a significant threat, highlighting the need for better security tools in software supply chains.

Apiiro has introduced open-source tools to enhance security against malicious code attacks.