software development

PRevent: Open-source tool to detect malicious code in pull requests

Apiiro, code analysis, Don't miss, GitHub, Hot stuff, Java, JavaScript, Kotlin, News, open source, PHP, programming, Python, Ruby, software development, threat detection /

PRevent: Open-source tool to detect malicious code in pull requests 2025-02-20 at 16:52 By Zeljka Zorz Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static […]

React to this headline:

Loading spinner

PRevent: Open-source tool to detect malicious code in pull requests Read More »

The XCSSET info-stealing malware is back, targeting macOS users and devs

Don't miss, Hot stuff, macOS, Malware, Microsoft, News, software development, Trend Micro, Xcode /

The XCSSET info-stealing malware is back, targeting macOS users and devs 2025-02-17 at 19:50 By Zeljka Zorz A new, improved variant of the XCSSET macOS malware has been spotted “in limited attacks” by Microsoft’s threat researchers. XCSSET macOS malware XCSSET in information-stealing and backdoor-injecting malware targeting Mac users. It’s usually distributed via infected Xcode projects

React to this headline:

Loading spinner

The XCSSET info-stealing malware is back, targeting macOS users and devs Read More »

Malicious ML models found on Hugging Face Hub

Artificial Intelligence, Don't miss, Hot stuff, Hugging Face, JFrog, machine learning, News, ReversingLabs, software development, supply chain attacks /

Malicious ML models found on Hugging Face Hub 2025-02-10 at 15:52 By Zeljka Zorz Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models. Once one of them is downloaded and executed on the developer’s machine, the malicious payload checks if

React to this headline:

Loading spinner

Malicious ML models found on Hugging Face Hub Read More »

GitHub CISO on security strategy and collaborating with the open-source community

CISO, cybersecurity, Don't miss, Features, GitHub, Hot stuff, News, open source, opinion, software development, strategy, tips /

GitHub CISO on security strategy and collaborating with the open-source community 2025-01-13 at 07:06 By Mirko Zorz In this Help Net Security, Alexis Wales, CISO at GitHub, discusses how GitHub embeds security into every aspect of its platform to protect millions of developers and repositories, ensuring it remains a trustworthy platform for building secure software.

React to this headline:

Loading spinner

GitHub CISO on security strategy and collaborating with the open-source community Read More »

Time for a change: Elevating developers’ security skills

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, skill development, software development, Symbiotic Security, vulnerability management /

Time for a change: Elevating developers’ security skills 2025-01-13 at 06:07 By Help Net Security Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, of course, given the time it takes for a proper assessment. However, given the

React to this headline:

Loading spinner

Time for a change: Elevating developers’ security skills Read More »

GitLab CISO on proactive monitoring and metrics for DevSecOps success

Artificial Intelligence, cybersecurity, DevSecOps, Don't miss, Features, framework, GitLab, Hot stuff, LLMs, News, opinion, security metrics, software development /

GitLab CISO on proactive monitoring and metrics for DevSecOps success 2025-01-09 at 07:32 By Mirko Zorz In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating security tools. He shares tips for maintaining development speed, fostering collaboration,

React to this headline:

Loading spinner

GitLab CISO on proactive monitoring and metrics for DevSecOps success Read More »

Cybercriminals used a gaming engine to create undetectable malware loader

Check Point, Don't miss, GitHub, Hot stuff, Linux, macOS, Malware, malware detection, News, software development, Windows /

Cybercriminals used a gaming engine to create undetectable malware loader 2024-11-27 at 20:33 By Zeljka Zorz Threat actors are using an ingenious new way for covertly delivering malware to a wide variety of operating systems and platforms: they have created a malware loader that uses Godot Engine, an open-source game engine. The loader – dubbed

React to this headline:

Loading spinner

Cybercriminals used a gaming engine to create undetectable malware loader Read More »

Active network of North Korean IT front companies exposed

China, Don't miss, Hot stuff, Insider Threat, News, North Korea, Palo Alto Networks, SentinelOne, software development, tips, USA /

Active network of North Korean IT front companies exposed 2024-11-21 at 16:18 By Zeljka Zorz An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active network of such companies originating in China. Unearthing North Korean IT front

React to this headline:

Loading spinner

Active network of North Korean IT front companies exposed Read More »

GitHub Secure Open Source Fund: Project maintainers, apply now!

Don't miss, education, GitHub, Hot stuff, News, open source, software development /

GitHub Secure Open Source Fund: Project maintainers, apply now! 2024-11-20 at 15:42 By Zeljka Zorz GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their software. The program is funded by companies (AmEx

React to this headline:

Loading spinner

GitHub Secure Open Source Fund: Project maintainers, apply now! Read More »

Overreliance on GenAI to develop software compromises security

automation, generative AI, Legit Security, News, report, software development, survey /

Overreliance on GenAI to develop software compromises security 2024-11-20 at 06:07 By Help Net Security GenAI is quickly changing the software development process by automating tasks that once took developers hours, if not days, to complete, bolstering efficiency and productivity, according to Legit Security. “As GenAI transforms software development and becomes increasingly embedded in the

React to this headline:

Loading spinner

Overreliance on GenAI to develop software compromises security Read More »

The number of Android memory safety vulnerabilities has tumbled, and here’s why

Android, code, cybersecurity, Don't miss, Hot stuff, News, programming, software development, vulnerability /

The number of Android memory safety vulnerabilities has tumbled, and here’s why 2024-09-26 at 15:32 By Zeljka Zorz Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The number

React to this headline:

Loading spinner

The number of Android memory safety vulnerabilities has tumbled, and here’s why Read More »

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

CVE, Don't miss, enterprise, GitHub, Hot stuff, News, security update, software development, vulnerability /

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) 2024-08-22 at 15:31 By Zeljka Zorz A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty program, has been addressed and administrators are

React to this headline:

Loading spinner

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) Read More »

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32

Artificial Intelligence, conferences, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Microsoft, News, opinion, Privacy, SANS, Signal, software development, SonicWall, supply chain attacks /

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 2024-08-16 at 12:46 By Help Net Security I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security experts in the world.

React to this headline:

Loading spinner

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 Read More »

Coding practices: The role of secure programming languages

Don't miss, Hot stuff, News, NIST, software development, tips /

Coding practices: The role of secure programming languages 2024-07-30 at 06:31 By Mirko Zorz Safety and quality are not features that can be added through testing — they must be integral to the design. Opting for a safer or more secure language or language subset during implementation can eliminate entire categories of vulnerabilities. The Software

React to this headline:

Loading spinner

Coding practices: The role of secure programming languages Read More »

One-third of dev professionals unfamiliar with secure coding practices

code, News, OpenSSF, report, software, software development, survey, The Linux Foundation, training /

One-third of dev professionals unfamiliar with secure coding practices 2024-07-19 at 07:01 By Help Net Security Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security, according to OpenSSF and the Linux Foundation. Despite this, many developers lack the essential knowledge and skills to effectively implement secure software development. Lack

React to this headline:

Loading spinner

One-third of dev professionals unfamiliar with secure coding practices Read More »

Maintaining human oversight in AI-enhanced software development

Artificial Intelligence, automation, code, cybersecurity, DevOps, Don't miss, Features, generative AI, Harness, Hot stuff, News, opinion, software development /

Maintaining human oversight in AI-enhanced software development 2024-07-03 at 07:31 By Mirko Zorz In this Help Net Security, Martin Reynolds, Field CTO at Harness, discusses how AI can enhance the security of software development and deployment. However, increased reliance on AI-generated code introduces new risks, requiring human oversight and integrated security practices to ensure safe

React to this headline:

Loading spinner

Maintaining human oversight in AI-enhanced software development Read More »

Developer errors lead to long-term exposure of sensitive data in Git repos

Aqua Security, cybersecurity, data, Don't miss, GitHub, News, open source, report, software, software development /

Developer errors lead to long-term exposure of sensitive data in Git repos 2024-06-26 at 15:01 By Help Net Security Credentials, API tokens, and passkeys – collectively referred to as secrets – from organizations around the globe were exposed for years, according to Aqua Security’s latest research. By scanning the most popular 100 organizations on GitHub,

React to this headline:

Loading spinner

Developer errors lead to long-term exposure of sensitive data in Git repos Read More »

Enhancing security through collaboration with the open-source community

code, collaboration, Compliance, cybersecurity, Don't miss, Features, Hot stuff, NetworkRADIUS, News, open source, opinion, regulation, software development, strategy /

Enhancing security through collaboration with the open-source community 2024-06-18 at 07:32 By Mirko Zorz In this Help Net Security interview, Alan DeKok, CEO at NetworkRADIUS, discusses the need for due diligence in selecting and maintaining open-source tools, and brings out the potential risks and benefits of collaborating with the open-source community to enhance software security.

React to this headline:

Loading spinner

Enhancing security through collaboration with the open-source community Read More »

Low code, high stakes: Addressing SQL injection

Application Security, attacks, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, human error, News, Nokod Security, opinion, software development, SQL injection /

Low code, high stakes: Addressing SQL injection 2024-06-17 at 08:01 By Help Net Security Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source of web application vulnerabilities. Reasons include human error, new technologies

React to this headline:

Loading spinner

Low code, high stakes: Addressing SQL injection Read More »

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)

Android, CVE, DevOps, Don't miss, Hot stuff, Java, JetBrains, Kotlin, News, software development, vulnerability /

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) 2024-06-11 at 15:46 By Zeljka Zorz JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise. About CVE-2024-37051 JetBrains offers IDEs for various programming languages. CVE-2024-37051 is a vulnerability in the

React to this headline:

Loading spinner

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) Read More »

Scroll to Top