Do Androids Dream of Breaking the Game? Systematically Auditing AI Agent Benchmarks with BenchJack

Agent benchmarks have become the de facto measure of frontier AI competence, guiding model selection, investment, and deployment. However, reward hacking, where agents maximize a score without performing the intended task, emerges spontaneously in frontier models without overfitting. We argue tha...

Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code

Every engineering team in your organization ships code through a pipeline. They branch, test, review, and deploy. If something breaks, they roll back. If someone asks "what changed?", the answer is in the commit history. This isn't heroic discipline to process; it's just how software gets built...

A Bootiful Podcast: Nate Schutta the fundamentals of software engineering

Hi Spring fans, and happy holidays! I'm delighted to be joined again on this episode by my friend and fellow harbinger of doom in the best possible way, Nate Schutta — co-author of the wonderful book Foundations of Software Engineering!...

A Bootiful Podcast: Dan Vega on the fundamentals of software engineering

Hi, Spring fans! I'm so excited to chat with fellow Spring developer advocate Dan Vega about his new book, Fundamentals of Software Engineering...

MASCOT: Analyzing Malware Evolution through a Well-Curated Source Code Dataset

In recent years, the explosion of malware and extensive code reuse have formed complex evolutionary connections among malware specimens. The rapid pace of development makes it challenging for existing studies to characterize recent evolutionary trends. In addition, intuitive tools to untangle the...

From Prompts to Protocols: How Agentic Systems, MCP, Vibe Coding, and Schema-Aware Tools Are Rewiring Software Engineering

Modern software engineering faces growing complexity across codebases, environments, and workflows. Traditional tools, although effective, rely heavily on…...

EUVD-2025-23651

Malicious code in bioql PyPI...

EUVD-2024-0033

Malicious code in bioql PyPI...

EUVD-2023-58938

Malicious code in bioql PyPI...

AI wrote my code and all I got was this broken prototype

Welcome to this week's edition of the Threat Source newsletter. Vulnerabilities within software are a persistent challenge. Software engineers inadvertently tend to make the same mistakes repeatedly, with the same entries appearing in the annual top 25 list of Common Weakness Enumerations each...

CVE-2025-45512

A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot U-Boot v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution...

UBUNTU-CVE-2025-45512

A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot U-Boot v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution...

CVE-2025-45512

A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot U-Boot v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution...

CVE-2025-45512

A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot U-Boot v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution...

EditLord: Learning Code Transformation Rules for Code Editing

Code editing is a foundational task in software development, where its effectiveness depends on whether it introduces desired code property changes without changing the original code's intended functionality. Existing approaches often formulate code editing as an implicit end-to-end task, omittin...

CVE-2025-38014 dmaengine: idxd: Refactor remove call with idxd_cleanup() helper

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxdcleanup helper The idxdcleanup helper cleans up perfmon, interrupts, internals and so on. Refactor remove call with the idxdcleanup helper to avoid code duplication. Note, this also...

DENX Software Engineering Das U-Boot 安全漏洞

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in versions prior to DENX Software Engineering Das U-Boot 2025.01-rc1 that stems from stack exhaustion due to deep symbolic link nesting in squashfs...

DENX Software Engineering Das U-Boot 安全漏洞

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in versions prior to DENX Software Engineering Das U-Boot 2025.01-rc1, which stems from a heap memory corruption in squashfs directory listings due to a failure ...

DENX Software Engineering Das U-Boot 安全漏洞

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in versions prior to DENX Software Engineering Das U-Boot 2025.01-rc1, which stems from an integer overflow in symbolic link parsing that results in a memory...

DENX Software Engineering Das U-Boot 安全漏洞

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in versions prior to DENX Software Engineering Das U-Boot 2025.01-rc1 that stems from an integer overflow in the symbolic link size calculation...