Python dev saved from disaster by intuition...and AI

Python developer Roman Imankulov nearly took the bait. The fact that he didn't can be chalked up to human intuition and AI ...

GitHits Raises $1.75M Pre-Seed to End AI Hallucinations for Coding Agents with “Google for Code”

AI hallucinates when writing code. GitHits gives AI coding agents access to open-source code. Launching the beta version today. GitHits gives AI coding agents access to the open source code behind ...

Devs know AI code is riddled with holes, but ship it anyway

Research by AppSec biz Checkmarx finds that 70 percent of developers believe AI-generated code has more vulnerabilities, and ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
The Hacker News

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

XBOW tests Anthropic's Mythos Preview for offensive security

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code.

JianJun Jin

Jin is the developer of GetOrganelle, a software tool that helps biologists to disentangle the DNA of organelles—small ...

Kimi K2.7-Code cuts thinking tokens 30% — but practitioners say the benchmarks don't check out

Kimi K2.7-Code claims 30% fewer thinking tokens and a drop-in API swap path, but independent benchmarks show kernel ...

How AI helped build hreflang XML sitemaps at scale

Learn how iterative prompting, Python, and Google Colab helped turn a multilingual hreflang mapping project into a scalable ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.