Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think
The new AI model is being heralded—and feared—as a hacker’s superweapon. Experts say its arrival is a wake-up call for developers who have long made security an afterthought...
EUVD-2022-2689
Malicious code in bioql PyPI...
EUVD-2024-1358
Malicious code in bioql PyPI...
Lazarus Group Hid Backdoor in Fake npm Packages in Latest Attack
Lazarus Group targets developers with malicious npm packages, stealing credentials and crypto and installing backdoors. Stay alert to protect your projects...
Linux Distros Unpatched Vulnerability : CVE-2024-29180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently...
Hackers Exploit Fake GitHub Repositories to Spread GitVenom Malware
Kaspersky's Securelist exposes the GitVenom campaign involving fake GitHub repositories to distribute malware. Targeting developers with seemingly legitimate...
MAL-2023-8035 Malicious code in some_crucial_web_app_new (npm)
Source: checkmarx ccdfaaee4aea58e70c939bbfb4ebf1b0e2bf0cd4ce9918422a25e37c7ac59071. Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
GHSA-9XGJ-FCGF-X6MW Poetry Argument Injection can lead to Local Code Execution
Observation When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are being constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoids Command Injection...
The Importance of Defining Secure Code
The developers who create the software, applications and programs that drive digital business have become the lifeblood of many organizations. Most modern businesses would not be able to function profitably without competitive applications and programs, or without 24-hour access to their website...
Cryptominers Slither into Python Projects in Supply-Chain Campaign
A group of cryptominers was found to have infiltrated the Python Package Index (PyPI), which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where...
MISSIONS — The Next Level of Interactive Developer Security Training
If organizations want to get serious about software security, they need to empower their engineers to play a defensive role against cyberattacks as they craft their code. The problem is, developers haven't had the most inspiring introduction to security training over the years, and anything that...
CVE-2019-10753
In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a maliciou...
CVE-1999-0452
A service or application has a backdoor password that was placed there by the developer...