programming

GitHub releases an open dataset for multilingual developer content

data, GitHub, News, programming /

GitHub releases an open dataset for multilingual developer content 2026-06-16 at 09:55 By Anamarija Pogorelec Developers coordinate code across README files, issue threads, and pull request discussions. Much of that exchange happens in English, and a large share happens in other languages. GitHub has released a dataset built to help researchers and developers locate public […]

GitHub releases an open dataset for multilingual developer content Read More »

Microsoft’s WinUI agent plugin trims token use by over 70% during development

Claude Code, GitHub, Microsoft, News, programming, software development, Windows /

Microsoft’s WinUI agent plugin trims token use by over 70% during development 2026-05-14 at 18:25 By Sinisa Markovic Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX packaging. The WinUI agent plugin ships one agent, eight

Microsoft’s WinUI agent plugin trims token use by over 70% during development Read More »

HEIDI: Free IDE security plugin for open-source vulnerability checks

Connecting Software, DevSecOps, Don't miss, LLMs, News, programming, software, software development, supply chain /

HEIDI: Free IDE security plugin for open-source vulnerability checks 2026-05-12 at 09:28 By Mirko Zorz Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a

HEIDI: Free IDE security plugin for open-source vulnerability checks Read More »

Node.js 26 ships with Temporal API enabled by default

JavaScript, News, Node.js, programming, software development /

Node.js 26 ships with Temporal API enabled by default 2026-05-07 at 12:26 By Anamarija Pogorelec Developers managing JavaScript runtimes have a new major version to evaluate. Node.js 26.0.0 brings the long-awaited Temporal API to the platform alongside an updated V8 engine, a refreshed HTTP client, and several long-flagged removals that will require code changes in

Node.js 26 ships with Temporal API enabled by default Read More »

AI coding agents keep repeating decade-old security mistakes

agentic AI, Anthropic, Artificial Intelligence, Claude Code, cybersecurity, Don't miss, DryRun Security, Google, Hot stuff, News, OpenAI, programming, report /

AI coding agents keep repeating decade-old security mistakes 2026-03-13 at 08:01 By Anamarija Pogorelec Coding agents are now writing production features on real development teams, and a new report from DryRun Security shows that those agents introduce security vulnerabilities at a high rate across nearly every type of application they build. “AI coding agents can

AI coding agents keep repeating decade-old security mistakes Read More »

Fake Claude Code install pages highlight rise of “InstallFix” attacks

Anthropic, Claude Code, Don't miss, Google Search, Hot stuff, malvertising, News, programming, Push Security, social engineering, software development /

Fake Claude Code install pages highlight rise of “InstallFix” attacks 2026-03-09 at 12:58 By Zeljka Zorz Users looking for Anthropic’s Claude Code agentic AI coding tool are being tricked via fake Claude Code install pages into running malware, Push Security researchers have warned. The attackers behind this scheme are faithfully cloning Anthropic’s installation page, hosting

Fake Claude Code install pages highlight rise of “InstallFix” attacks Read More »

GitHub enables multi-agent AI coding inside repository workflows

Anthropic, code, GitHub, News, OpenAI, programming, software development /

GitHub enables multi-agent AI coding inside repository workflows 2026-02-05 at 13:02 By Anamarija Pogorelec GitHub has expanded Agents HQ, enabling AI coding agents such as GitHub Copilot, Claude by Anthropic, and OpenAI Codex to execute development tasks directly within GitHub and developer editors while preserving repository context, session history, and review workflows. Copilot Pro+ and

GitHub enables multi-agent AI coding inside repository workflows Read More »

Apple Xcode 26.3 adds coding agent support from OpenAI and Anthropic

Anthropic, apple, News, OpenAI, programming, software development /

Apple Xcode 26.3 adds coding agent support from OpenAI and Anthropic 2026-02-04 at 11:56 By Sinisa Markovic Apple released Xcode 26.3 with new agentic coding capabilities designed to let AI systems carry out development tasks inside the IDE. The release supports agents such as Anthropic’s Claude Agent and OpenAI’s Codex. Coding agents can break down

Apple Xcode 26.3 adds coding agent support from OpenAI and Anthropic Read More »

Phishing campaign targets Rust developers

Don't miss, GitHub, Hot stuff, News, programming, rust, spear-phishing /

Phishing campaign targets Rust developers 2025-09-15 at 19:27 By Zeljka Zorz Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm phishing campaign. The phishing email The emails started hitting developers’ inboxes on Friday, minutes after they published a (new)

Phishing campaign targets Rust developers Read More »

Default Cursor setting can be exploited to run malicious code on developers’ machines

Cursor, Don't miss, Hot stuff, News, Oasis Security, programming, software development, vulnerability /

Default Cursor setting can be exploited to run malicious code on developers’ machines 2025-09-11 at 14:02 By Zeljka Zorz An out-of-the-box setting in Cursor, a popular AI source-code editor, could be leveraged by attackers to covertly run malicious code on users’ computers, researchers have warned. An exploitable vulnerability in the Cursor AI editor Cursor is

Default Cursor setting can be exploited to run malicious code on developers’ machines Read More »

AI can write your code, but nearly half of it may be insecure

Artificial Intelligence, cybersecurity, Don't miss, generative AI, LLMs, News, programming, report, Risk Management, Veracode /

AI can write your code, but nearly half of it may be insecure 2025-08-07 at 09:15 By Help Net Security While GenAI excels at producing functional code, it introduces security vulnerabilities in 45 percent of cases, according to Veracode’s 2025 GenAI Code Security Report, which analyzed code produced by over 100 LLMs across 80 real-world

AI can write your code, but nearly half of it may be insecure Read More »

Behind the code: How developers work in 2025

Artificial Intelligence, containers, Docker, LLMs, machine learning, microservices, News, programming, report, survey /

Behind the code: How developers work in 2025 2025-07-11 at 13:01 By Anamarija Pogorelec How are developers working in 2025? Docker surveyed over 4,500 people to find out, and the answers are a mix of progress and ongoing pain points. AI is gaining ground but still unevenly used. Security is now baked into everyday workflows.

Behind the code: How developers work in 2025 Read More »

Data-stealing VS Code extensions removed from official Marketplace

Datadog, Don't miss, Ethereum, extension, Hot stuff, News, programming, VS Code, VS Code Marketplace /

Data-stealing VS Code extensions removed from official Marketplace 2025-05-21 at 16:19 By Zeljka Zorz Developers who specialize in writing smart (primarily Ethereum) contracts using the Solidity programming language have been targeted via malicious VS Code extensions that install malware that steals cryptocurrency wallet credentials. “Based on shared infrastructure and obfuscation characteristics, we attribute all three

Data-stealing VS Code extensions removed from official Marketplace Read More »

Package hallucination: LLMs may deliver malicious code to careless devs

Artificial Intelligence, Don't miss, Hot stuff, JavaScript, LLMs, Malware, News, programming, Python, software development /

Package hallucination: LLMs may deliver malicious code to careless devs 2025-04-14 at 15:46 By Zeljka Zorz LLMs’ tendency to “hallucinate” code packages that don’t exist could become the basis for a new type of supply chain attack dubbed “slopsquatting” (courtesy of Seth Larson, Security Developer-in-Residence at the Python Software Foundation). A known occurrence Many software

Package hallucination: LLMs may deliver malicious code to careless devs Read More »

China-based Silver Fox spoofs healthcare app to deliver malware

APT, backdoor, China, Don't miss, Forescout, healthcare, Hot stuff, News, programming, software development /

China-based Silver Fox spoofs healthcare app to deliver malware 2025-02-25 at 18:33 By Zeljka Zorz Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting users by disguising the malware as legitimate healthcare app (the Philips DICOM viewer), a Windows

China-based Silver Fox spoofs healthcare app to deliver malware Read More »

PRevent: Open-source tool to detect malicious code in pull requests

Apiiro, code analysis, Don't miss, GitHub, Hot stuff, Java, JavaScript, Kotlin, News, open source, PHP, programming, Python, Ruby, software development, threat detection /

PRevent: Open-source tool to detect malicious code in pull requests 2025-02-20 at 16:52 By Zeljka Zorz Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static

PRevent: Open-source tool to detect malicious code in pull requests Read More »

The number of Android memory safety vulnerabilities has tumbled, and here’s why

Android, code, cybersecurity, Don't miss, Hot stuff, News, programming, software development, vulnerability /

The number of Android memory safety vulnerabilities has tumbled, and here’s why 2024-09-26 at 15:32 By Zeljka Zorz Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The number

The number of Android memory safety vulnerabilities has tumbled, and here’s why Read More »

Innovative approach promises faster bug fixes

News, programming, research /

Innovative approach promises faster bug fixes 2024-07-31 at 12:02 By Help Net Security Modern software applications usually consist of numerous files and several million lines of code. Due to the sheer quantity, finding and correcting faults, known as debugging, is difficult. In many software companies, developers still search for faults manually, which takes up a

Innovative approach promises faster bug fixes Read More »

BLint: Open-source tool to check the security properties of your executables

Android, AppThreat, Don't miss, GitHub, Linux, mobile apps, News, open source, programming, software, Windows /

BLint: Open-source tool to check the security properties of your executables 2024-05-14 at 07:31 By Mirko Zorz BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also produce Software Bill-of-Materials (SBOM) for compatible binaries. BLint features “Several source code analysis

BLint: Open-source tool to check the security properties of your executables Read More »

Using cloud development environments to secure source code

Cloud, code, Coder, cybersecurity, DevOps, Don't miss, Hot stuff, programming, software development, Video /

Using cloud development environments to secure source code 2024-03-21 at 07:01 By Help Net Security In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining

Using cloud development environments to secure source code Read More »

Scroll to Top