Skip to main content

Tag: software development

134 articles

XCSSET malware: Stunning, Dangerous Supply-Chain Threat

XCSSET malware: Stunning, Dangerous Supply-Chain Threat

Microsoft warns that XCSSET — a persistent macOS malware — has evolved to hide inside Xcode project files, so compromised developer builds can silently steal crypto, disable defenses, and spread to users. Developers and teams should lock down build environments, tighten project integrity checks, and treat supply‑chain security as mission‑critical to keep apps and users safe.

Analyst 207
malicious AI agent: Stunning Dangerous Email-Theft Threat

malicious AI agent: Stunning Dangerous Email-Theft Threat

Researchers say a seemingly legit npm package linked projects to a remote AI agent server that crawled and siphoned email content — possibly the first malicious “MCP” seen in the wild. It’s a wake‑up call to vet dependencies, tighten supply chains, and monitor CI/network egress before agentic AI becomes a standard attack tool.

Analyst 207
AkdoorTea backdoor: Exclusive Dangerous Threat to Devs

AkdoorTea backdoor: Exclusive Dangerous Threat to Devs

A new North Korea-linked campaign called DeceptiveDevelopment is planting a stealthy backdoor, AkdoorTea, in developer environments worldwide—threatening repositories, build systems, and crypto projects across Windows, macOS, and Linux. If you build or maintain crypto or open-source tooling, now’s the time to lock down keys, enforce MFA, and monitor developer endpoints before a single compromised laptop turns into a major breach.

Analyst 207
Indian suppliers Risky: Stunning Global Breach Threat

Indian suppliers Risky: Stunning Global Breach Threat

A new report shows 53% of Indian vendors suffered third‑party breaches last year, spotlighting how one compromised supplier can cascade into global cyber crises and why supply‑chain security must be a shared priority.

Analyst 207
execute arbitrary code: Stunning Risky Cursor Flaw

execute arbitrary code: Stunning Risky Cursor Flaw

Imagine opening a repo and it runs code without asking — Cursor, an AI-powered editor, can be tricked into silently executing arbitrary scripts from a crafted repository, putting your machine and credentials at risk. Until safer defaults arrive, treat untrusted repos like unknown executables: sandbox them, audit files first, and enable strict prompts for project-initiated execution.

Analyst 207
Cursor Visual Studio extension: Stunning Risky Flaw

Cursor Visual Studio extension: Stunning Risky Flaw

A newly disclosed autorun flaw in the Cursor Visual Studio extension can let a repo run arbitrary code just by opening it—audit your extensions, open untrusted projects in isolated VMs or containers, and update or disable Cursor until it’s patched.

Analyst 207
supply chain attack: Stunning Near-Miss, Risky Lessons

supply chain attack: Stunning Near-Miss, Risky Lessons

A fast, coordinated open‑source response helped avert what could have been a massive npm supply‑chain breach, but the near miss raises urgent questions for developers, maintainers and policymakers about dependency hygiene, registry controls and long‑term resilience.

Analyst 207
Claude Code Risky: Stunning Security Alert

Claude Code Risky: Stunning Security Alert

When AI tools like Anthropic’s Claude Code start both reviewing and running code, they can speed up vulnerability discovery—but Checkmarx warns that automated execution also introduces fresh risks like secret leaks, weak isolation, and novel attack surfaces. The takeaway: automation can be a powerful safety boost, but only when paired with strict sandboxes, logging, and skeptical human oversight.

Analyst 207
Salesloft GitHub repository Massive Risky Breach

Salesloft GitHub repository Massive Risky Breach

A March compromise of a Salesloft GitHub repo was used to pivot into Drift, touching hundreds of companies — including Google, Palo Alto Networks and Cloudflare — and exposing how fragile software supply chains and leaked tokens can be. Now’s the time to assume compromise: scan repos for secrets, rotate credentials, lock down permissions, and demand better transparency from your vendors.

Analyst 207
GhostAction Shocking Breach: Devs’ Worst Nightmare

GhostAction Shocking Breach: Devs’ Worst Nightmare

Imagine your CI tools quietly siphoning off keys — that’s GhostAction, a supply-chain campaign that weaponized GitHub Actions and packages to leak over 3,000 secrets across hundreds of repos. Take it as a wake-up call: rotate exposed credentials, pin and vet actions, and tighten workflow permissions before convenience turns into catastrophe.

Analyst 207
AI-powered ransomware: Risky, Stunning Threat

AI-powered ransomware: Risky, Stunning Threat

What happens when a harmless research project turns into a blueprint for crime? The first AI-powered ransomware shows how generative models can automate and personalize attacks, forcing researchers, defenders, and policymakers to rethink openness, oversight, and preparedness.

Analyst 207
malicious npm package: Risky Crypto-Theft Exclusive Alert

malicious npm package: Risky Crypto-Theft Exclusive Alert

A malicious npm package posing as the popular nodemailer email library slipped into projects with one line of dependency and carried code designed to siphon cryptocurrency—showing how a single careless install can turn a routine dependency into a financial threat. Audit your dependencies, pin versions, and use supply‑chain tools—convenience shouldn’t cost you your wallet.

Analyst 207
AI-generated code: Risky Threats & Must-Have Fixes

AI-generated code: Risky Threats & Must-Have Fixes

A new Checkmarx study reveals a surprising and worrying trend: AI-generated code now makes up over 60% of some codebases—and much of it contains known vulnerabilities—so the same tools that speed development can also widen your attack surface. Treat AI suggestions like draft work: add automated scans, clear guardrails, and reviewer sign-off to keep convenience from turning into a systemic security risk.

Analyst 207
artificial intelligence: Must-Have, Best Defense Edge

artificial intelligence: Must-Have, Best Defense Edge

As the Pentagon partners with commercial AI innovators, faster decision-making, smarter logistics, and safer human‑machine teaming are within reach — but success hinges on building strong safeguards so innovation never outpaces accountability. Getting that balance right will determine whether AI becomes a decisive defense advantage or a risky misstep.

Analyst 207
DevSecOps: Must-Have Best Practices for Ultimate Security

DevSecOps: Must-Have Best Practices for Ultimate Security

Join NIST NCCoE’s virtual event on August 27, 2025 to learn practical DevSecOps best practices from leading experts and discover how to weave security into every step of your software lifecycle. With cybercrime costs soaring, this is your chance to balance speed and safety through automation, compliance tips, and real-world lessons that make your software more resilient.

Analyst 207
Secure Software Development: Must-Have Best Practices

Secure Software Development: Must-Have Best Practices

Worried about the security of the software we all depend on? Join NIST NCCoE’s interactive DevSecOps virtual event on August 27, 2025, to hear experts, learn practical secure development practices, and help turn security from an afterthought into a foundation for every project.

Analyst 207
SharePoint RCE flaw: Urgent Critical Patch Warning

SharePoint RCE flaw: Urgent Critical Patch Warning

Microsoft has released an urgent out-of-band patch for a critical SharePoint RCE vulnerability being actively exploited—apply the update to all on-premises servers now to prevent data theft, lateral movement, or ransomware. Verify previous mitigations, ramp up monitoring, and ensure backups and incident plans are ready to limit any damage.

Analyst 207
npm package malware: Must-Have Best Defenses

npm package malware: Must-Have Best Defenses

Think a routine dependency update is harmless? The recent npm malware attack—where phishers stole maintainer tokens to publish malicious versions of five popular packages—proves supply-chain trust can be shattered and why maintainers, consumers, and registries must act now to enforce 2FA, rotate tokens, and verify publish provenance.

Analyst 207
ZuRu Critical Threat: Exclusive Must-Have Defense

ZuRu Critical Threat: Exclusive Must-Have Defense

A new ZuRu malware strain is quietly targeting macOS developer machines and toolchains, putting builds, secrets, and the entire software supply chain at risk. Harden workstations, isolate builds, and secure credentials now to prevent a single compromised device from triggering a widespread breach.

Analyst 207
North Korean Hackers Intensify Campaign with New Malware Loader

North Korean Hackers Intensify Campaign with New Malware Loader

North Korean hackers have taken their game to a new level, sneaking a dangerous malware loader into the trusted npm registry—putting thousands of developers and organizations at risk without them even knowing it. Stay ahead of the threat that’s shaking the very foundation of software supply chains worldwide.

Analyst 207
North Korean Hackers Widen Contagious Interview Malware Campaign

North Korean Hackers Widen Contagious Interview Malware Campaign

Think twice before downloading that interview prep package—North Korean hackers are stealthily slipping dangerous malware into popular npm tools, turning trusted resources into digital traps for developers worldwide.

Analyst 207
The Unusual Suspect in Code: How Git Repos Impact Security

The Unusual Suspect in Code: How Git Repos Impact Security

Think Git is just a collaboration tool? Think again—exposed Git repositories are quietly fueling some of today’s biggest security breaches by leaking sensitive data right under our noses.

Analyst 207
The Unusual Suspect in Coding: Understanding Git Repos

The Unusual Suspect in Coding: Understanding Git Repos

Think exposed Git repositories are harmless? Think again—these hidden gateways quietly grant hackers unseen access, turning everyday coding mishaps into major security nightmares.

Analyst 207
Over 600 Laravel Apps Risk Remote Code Execution from Leaked APP_KEYs

Over 600 Laravel Apps Risk Remote Code Execution from Leaked APP_KEYs

Over 600 Laravel apps are at serious risk as leaked APP_KEYs open the door for hackers to run malicious code remotely—here’s what every developer needs to know to protect their projects.

Analyst 207