CSO Online

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Proofpoint has warned about phishing campaigns abusing legitimate device authorization flow to bypass MFA and gain persistent ...
NDTV

4 Labour Codes Come Into Effect, Social Security Extended To All Workers

The Codes have defined 'Gig work', 'Platform work', and 'Aggregators' for the first time. In a landmark overhaul of labour laws, the government on Friday notified all four Labour Codes, ushering in ...
InfoWorld

How GlassWorm wormed its way back into developers’ code — and what it says about open source security

Pervasive, evasive malware thought to have been eliminated has wormed its way back into development environments. Just a little over two weeks after GlassWorm was declared “fully contained and closed” ...
VentureBeat

Meet Aardvark, OpenAI’s security agent for code analysis and patching

An aardvark works in an office typing at a desktop PC while happy human workers mill about in the background. Credit: VentureBeat made with ChatGPT Positioned as a scalable defense tool for modern ...
Wired

Vibe Coding Is the New Open Source—in the Worst Way Possible

Just like you probably don't grow and grind wheat to make flour for your bread, most software developers don't write every line of code in a new project from scratch. Doing so would be extremely slow ...
Bleeping Computer

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...
ZDNet

This 'critical' Cursor security flaw could expose your code to malware - how to fix it

A report found hackers can exploit an autorun feature in Cursor. The danger is "significant," but there's an easy fix. Cursor uses AI to assist with code-editing. A new report has uncovered what it ...
Futurism

Programmers Using AI Create Way More Glaring Security Issues, Data Shows

Artificial intelligence has notorious problems with accuracy — so maybe it’s not surprising that using it as a coding assistant creates more security problems, too. As a security firm called Apiiro ...
Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
Columbus Dispatch

Google 'password reset' scam targeting Gmail users. What to know, how to stay safe in Ohio

A new Gmail phishing scam impersonates Google IT support to gain account access. The scam involves fake password recovery emails and requests for security codes. Google advises against clicking links ...
Dark Reading

Do Claude Code Security Reviews Pass the Vibe Check?

If there's anything that gives a seasoned application security (AppSec) professional indigestion these days, it's the thought of AI-assisted coding layered on top of an already insecure development ...
Dark Reading

How to Vibe Code With Security in Mind

A tool can be used well or poorly, but much of the time it is neither inherently good nor bad. Take vibe coding, the act of using natural language to instruct an LLM to generate code. Applied poorly, ...