#CodeSecurity

Cybersecurity News Everyday

@hendryadrian.bsky.social

12 hours ago

AI Coding Tools Default to Insecure Patterns: The 5-Minute Rules File Fix AI coding tools trained on public codebases tend to default to insecure patterns, and persistent security rules files can enforce safer outputs. Attackers can poison those rules files with invisible Unicode to instruct models to inject backdoors and exfiltrate data, as demonstrated by Pillar Security against Cursor and GitHub Copilot. #RulesFileBackdoor #PillarSecurity

AI coding tools often generate insecure code due to public training data, but persistent security rules files can enforce safer patterns. However, attackers can exploit these files using invisible Unicode backdoors. #RulesFileBackdoor #CodeSecurity

Pixels and Pulse - Blog

@pixelsandpulse.bsky.social

14 hours ago

AI code is fast, but it's creating massive security debt. Learn how 'old hacker habits' are your best defense against the hidden risks of vibecoding.

thepixelspulse.com/posts/safer-vibecoding-o...

#ai #cybersecurity #codesecurity

Ahmandonk

@ahmandonk.bsky.social

4 days ago

📰 GitHub Tambahkan Deteksi Bug Bertenaga AI untuk Perluas Cakupan Keamanan

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/04/04/github-tambah...

#ai #beritaTeknologi #codeSecurity #codeql #copilotAutofix #deteksiBug #github #githubAdvanced

Cybersecurity News Everyday

@hendryadrian.bsky.social

1 week ago

Claude AI finds Vim, Emacs RCE bugs that trigger on file open Vulnerabilities in the Vim and GNU Emacs text editors can allow remote code execution simply by opening a specially crafted file, and a researcher used the Claude assistant to generate multiple proof-of-concept exploits and mitigation suggestions. Vim was patched in version 9.2.0272 while the Emacs issue remains unpatched due to maintainers attributing the root cause to Git’s behavior; users should avoid opening files from untrusted sources. #Vim #GNUEmacs

Claude AI uncovered remote code execution bugs in Vim and Emacs triggered by opening crafted files. Vim patched in v9.2.0272; Emacs issue linked to Git behavior remains unpatched. #CodeSecurity #TextEditors #USA

Cybersecurity News Everyday

@hendryadrian.bsky.social

1 week ago

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks Open VSX's pre-publish scanning pipeline contained a bug that misinterpreted scanner failures as "no scanners configured," allowing a malicious VS Code extension to pass vetting and go live. The flaw, dubbed Open Sesame, could be triggered by flooding the publish endpoint to exhaust the database connection pool and was fixed in...

A bug in Open VSX’s pre-publish scanner let malicious VS Code extensions bypass security checks by misclassifying failures as no scanners configured. Fixed in version 0.32.0. #OpenSesame #CodeSecurity #SoftwareFlaw

PVS-Studio

@cody-programmer08.bsky.social

1 week ago

Get started with PVS-Studio static analyzer PVS-Studio static analyzer is a tool for detecting code errors throughout the entire project lifecycle. In this article, you can meet the key analyzer features, common usage scenarios, and analysis...

A wise man said: "The journey of a thousand miles begins with one step."
The same goes for writing clean, secure code. So the first step is choosing the right tool.
We just published a beginner-friendly guide on how to use PVS-Studio.

#Programming #Software #StaticAnalyzer #CodeSecurity #DevTools

Cybersecurity News Everyday

@hendryadrian.bsky.social

1 week ago

GitHub adds AI-powered bug detection to expand security coverage GitHub is adopting AI-based scanning in its Code Security tool to complement CodeQL and expand vulnerability detection across additional languages and frameworks. The hybrid model keeps CodeQL for deep semantic analysis while using AI to cover Shell/Bash, Dockerfiles, Terraform, PHP and more, with public preview expected in early Q2 2026 and findings integrated into pull requests alongside Copilot Autofix suggestions. #GitHub #CodeQL

GitHub enhances Code Security with AI-powered bug detection to complement CodeQL, expanding vulnerability coverage for Shell, Dockerfiles, Terraform, PHP, and more. Preview expected early Q2 2026. #CodeSecurity #DevOpsTools #AIIntegration

Can

@canyesilyurt.com

2 weeks ago

CodeQL in PRs is getting faster with incremental analysis. That means quicker feedback on potential security issues during code reviews. Less waiting, more fixing! 🚀 #CodeSecurity

Martin - AiPokusy.cz

@aipokusy.bsky.social

2 weeks ago

🤖 Nový "auto mode" v Claude Code brání AI kódovacím katastrofám! Automatická rozhodnutí a vestavěné bezpečnostní pojistky pro efektivnější a bezpečnější vývoj. Zatím pro uživatele Teams. #AI #CodeSecurity

thedailyperspective.org

@thedailyperspective.org

3 weeks ago

The AI coding paradox: too useful to resist, too risky to fully trust How developers can harness AI's productivity gains without sacrificing the expertise needed to catch dangerous errors and security vulnerabilities.

The AI coding paradox: too useful to resist, too risky to fully trust

#AICoding #SoftwareDevelopment #CodeSecurity #DevOps #AusNews

thedailyperspective.org/article/2026-03-18-the-a...

iT4iNT SERVER

@it4intserver.bsky.social

3 weeks ago

Claude Code Security and Magecart: Getting the Threat Model Right When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI code scanning stops and client-side runtime execution begins. A detailed analysis of where Claude

iT4iNT SERVER Claude Code Security and Magecart: Getting the Threat Model Right VDS VPS Cloud #CyberSecurity #Magecart #AI #CodeSecurity #WebSecurity

Cybersecurity News Everyday

@hendryadrian.bsky.social

3 weeks ago

Contagious Interview: Malware delivered through fake developer job interviews Microsoft Defender Experts documented the Contagious Interview campaign that uses fake technical interview workflows to trick developers into running malicious NPM packages and Visual Studio Code tasks, delivering backdoors like Invisible Ferret and FlexibleFerret. The attackers harvest API tokens, cloud credentials, and signing keys while maintaining persistence via modular backdoors and registry RUN key modifications #InvisibleFerret #FlexibleFerret

Threat actors use fake developer job interviews to deliver malware via malicious NPM packages and VS Code tasks, stealing API tokens and cloud creds with backdoors like Invisible Ferret and FlexibleFerret. #DeveloperJobs #CodeSecurity

@webtoolskit.bsky.social

1 month ago

Worried about your JavaScript code's security? Protect your intellectual property from theft & reverse-engineering instantly with our free online JavaScript Obfuscator! Try it here → www.webtoolskit.org/p/javascript...

#JavaScript #CodeSecurity #Obfuscation

OpsMatters

@opsmatters.com

1 month ago

Mend Mend identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces license policies throughout the software development lifecycle.

The latest update for #Mendit includes "Why Claude #CodeSecurity Is a Big Moment for #ApplicationSecurity" and "Securing the New Control Plane: Introducing Static Scanning for AI Agent Configurations".

#CyberSecurity #DevOps #OpenSource #Compliance https://opsmtrs.com/3zEYo7d

roxsross

@roxsross.bsky.social

1 month ago

🐛 Claude Code Security Detecta Fallos Que el Análisis Estático No Puede

Escanea código como un investigador humano, no como un mot

devops.com/claude-code-security-fin...

#CodeSecurity #VulnerabilityResearch #Anthropic #RoxsRoss

Bob Carver

@cybersecboardrm.bsky.social

1 month ago

Anthropic launches AI security tool that can find software bugs humans miss | Fortune fortune.com/2026/02/... #cybersecurity #Anthropic #codesecurity #ClaudeCodeSecurity #codereview

iT4iNT SERVER

@it4intserver.bsky.social

1 month ago

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and

iT4iNT SERVER Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs VDS VPS Cloud #Cybersecurity #VSCode #SecurityFlaws #CodeSecurity #SoftwareVulnerabilities

The Daily Tech Feed

@thedailytechfeed.com

1 month ago

ZAST-AI secures $6M Pre-A funding to advance AI-driven code security, aiming for zero false positives. #CyberSecurity #AI #CodeSecurity #FundingNews Link: thedailytechfeed.com/zast-ai-rais...

iT4iNT SERVER

@it4intserver.bsky.social

1 month ago

ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm Hillhouse Capital, bringing ZAST.AI's total funding close to $10 million. This marks a recognition from leading capital markets of a new solution: ending the era of high false positive rates in security tools and making every alert

iT4iNT SERVER ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security VDS VPS Cloud #ZASTAI #CodeSecurity #ArtificialIntelligence #ZeroFalsePositives #CyberSecurity

Tom Smith

@ctsmithiii.bsky.social

2 months ago

Google Adds Hooks to Gemini CLI for Customized AI Workflows - DevOps.com Google adds hooks in Gemini CLI. Developers can customize AI agent behavior without modifying source code through middleware-style scripts.

devops.com/google-adds-... #DevOps #AIcoding #GeminiCLI #DeveloperTools #Automation #GoogleAI #SoftwareDevelopment #CodeSecurity

roxsross

@roxsross.bsky.social

2 months ago

🔐 Anthropic integra revisiones de seguridad automatizadas en Claude Code

Escanea vulnerabilidades en la terminal y en cada pull request, antes de enviar código

devops.com/anthropic-adds-automated...

#DevSecOps #CodeSecurity #VulnerabilityScanning #RoxsRoss

Tom Smith

@ctsmithiii.bsky.social

2 months ago

Anthropic Adds Automated Security Reviews to Claude Code - DevOps.com Security can’t be a last-mile checkpoint when AI is writing code at machine speed.According to DevOps.com, Anthropic has added automated security reviews directly into Claude Code, bringing vulnerabil...

New features in Claude Code let developers scan for vulnerabilities from the terminal and automate security reviews on pull requests.
devops.com/anthropic-ad... #DevOps #ApplicationSecurity #AI #ClaudeCode #GitHubActions #CodeSecurity #DeveloperTools #Anthropic #VulnerabilityManagement #SecureCode

Hacker News Companion

@hncompanion.com

3 months ago

One debated but effective mitigation: blocking post-install scripts in package managers. While inconvenient, it directly addresses the "arbitrary code execution" vulnerability, drastically reducing the risk of malicious packages running unnoticed. #CodeSecurity 4/6

Pure Tech

@puretech.news

4 months ago

New Study Shows Random Forest Models Can Spot 80% of Vulnerabilities Before Code Merge Table Of Links ABSTRACT I. INTRODUCTION II. BACKGROUND III. DESIGN DEFINITIONS DESIGN GOALS FRAMEWORK EXTENSIONS IV. MODELING CLASSIFIERS FEATURES V. DATA COLLECTION VI. CHARACTERIZATION VULNERABILITY...

New Study Shows Random Forest Models Can Spot 80% of Vulnerabilities Before Code Merge #Technology #SoftwareEngineering #ArtificialIntelligence #CodeSecurity #MachineLearning #VulnerabilityDetection

Donna E

@edwardsdna.bsky.social

4 months ago

Have we made any progress securing code in the last 25 years? After 25 years of fighting vulnerabilities, has the industry actually made progress? Michael Howard says yes—but the bugs we’re left with are the harder ones, and they may force us to rethink languages like C and C++. https://msft.it/6055sx1wW #OneDevQuestion

Channel9 Have we made any progress securing code in the last 25 years?: After 25 years of fighting vulnerabilities, has the industry actually made progress? Michael Howard says yes—but the bugs we’re left with are the harder ones, and they may force… #Cybersecurity #CodeSecurity #SoftwareDevelopment

The Daily Tech Feed

@thedailytechfeed.com

5 months ago

OpenAI unveils Aardvark, a GPT-5 powered agent that autonomously detects and fixes code vulnerabilities, revolutionizing code security. #OpenAI #Aardvark #GPT5 #CodeSecurity #AI #Cybersecurity Link: thedailytechfeed.com/openai-unvei...

Naoya

@naoyacreates.bsky.social

5 months ago

DeepMind AI Fixes Code Vulnerabilities Automatically | AI News Google DeepMind's AI agent finds and fixes software vulnerabilities, submitting 72 patches! Protect your code!

AIMindUpdate News!
Worried about software vulnerabilities? Google DeepMind's AI agent is automatically finding and fixing them! #AIAgent #CodeSecurity #DeepMind

Click here↓↓↓
aimindupdate.com/2025/10/09/d...

Chema Alonso

@chemaalonso.com

6 months ago

CodeMender: Un Agente IA para buscar bugs y parchear código fuente Blog personal de Chema Alonso ( https://MyPublicInbox.com/ChemaAlonso ): Ciberseguridad, IA, Innovación, Tecnología, Cómics & Cosas Personasles.

El lado del mal - CodeMender: Un Agente IA para buscar bugs y parchear código fuente www.elladodelmal.com/2025/10/code... #AgenticAI #Ciberseguridad #IA #AI #BugBounty #Bug #Gemini #InteligenciaArtificial #OpenSource #Hardening #CodeSecurity

Hacker News Companion

@hncompanion.com

6 months ago

Security is paramount with AI-generated code. Users stressed the critical need for human review of Jules' output to prevent vulnerabilities and ensure code integrity. Don't skip human oversight! 🔒 #CodeSecurity 4/6

@cyfluencer.bsky.social

6 months ago

🤖 Debugging code written by an AI co-pilot, trying to figure out which one of you introduced the zero-day exploit.

#AICybersecurity #CodeSecurity