software development

Google sets timeline for Android developer verification enforcement

2026-06-19 at 12:10, by Anamarija Pogorelec

Android’s developer verification protections will take effect on September 30, 2026, starting with users in Brazil, Indonesia, Singapore, and Thailand. Developers distributing apps through participating stores in those markets must complete the verification process by the deadline. Google Play, HONOR App […]

What’s new in Android 17? Anti-theft tools, scam detection, and parental controls

2026-06-17 at 13:40, by Anamarija Pogorelec

The Android 17 rollout has started for supported Pixel devices, delivering new security and privacy capabilities before expanding to other devices later this year.

Security and privacy updates

Google has improved location privacy features so users can

Software supply chains are heading for a transparency test

2026-06-16 at 12:24, by Anamarija Pogorelec

Software supply chain visibility is becoming part of product security work as the EU Cyber Resilience Act (CRA) moves toward application in December 2027. ENISA’s SBOM Adoption State of Play 2026 shows organizations preparing for CRA obligations through SBOM tooling,

Claude now reviews and fixes vulnerabilities as you write code

2026-05-27 at 16:37, by Sinisa Markovic

Anthropic introduced a security-guidance plugin for Claude Code that reviews code changes for common vulnerabilities and helps Claude identify and fix issues during the same development session. The company says the plugin is designed to catch issues such as

CVE Lite CLI: Open-source dependency vulnerability scanner

2026-05-20 at 09:34, by Mirko Zorz

Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours

Microsoft’s WinUI agent plugin trims token use by over 70% during development

2026-05-14 at 18:25, by Sinisa Markovic

Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX packaging. The WinUI agent plugin ships one agent, eight

OpenAI’s Daybreak uses Codex Security to identify risky attack paths

2026-05-12 at 11:38, by Anamarija Pogorelec

OpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI models, Codex Security, and cyber-focused GPT-5.5 variants to help organizations identify, validate, and prioritize software vulnerabilities.

HEIDI: Free IDE security plugin for open-source vulnerability checks

2026-05-12 at 09:28, by Mirko Zorz

Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a

Google is turning Android Studio into a policy watchdog

2026-05-08 at 13:09, by Anamarija Pogorelec

Google has expanded Play Policy Insights in Android Studio to help developers catch policy issues while coding, including warnings for common problems such as missing login credentials. Later this year, developers who connect their Play developer account directly to Android

Node.js 26 ships with Temporal API enabled by default

2026-05-07 at 12:26, by Anamarija Pogorelec

Developers managing JavaScript runtimes have a new major version to evaluate. Node.js 26.0.0 brings the long-awaited Temporal API to the platform alongside an updated V8 engine, a refreshed HTTP client, and several long-flagged removals that will require code changes in

Can your coding style predict whether your code is vulnerable?

2026-05-05 at 13:21, by Sinisa Markovic

Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all carry traces of individual habit. Researchers have used these stylistic signals for years

Where AI in CI/CD is working for engineering teams

2026-04-24 at 08:22, by Anamarija Pogorelec

Developers have folded AI into daily coding work. Still, the same tools remain largely absent from the systems that validate and ship software. New research from JetBrains points to a widening gap between how engineers write code on their own

Social engineering attacks on open source developers are escalating

2026-04-08 at 15:45, by Zeljka Zorz

North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that tricked him into installing a RAT posing as a software update. They used the

Android developers just got a new verification layer

2026-03-31 at 15:43, by Anamarija Pogorelec

To help prevent malicious actors from spreading harmful apps while hiding behind anonymity, Google is rolling out developer verification to all Android developers. The company is also introducing app registration, which links apps to verified developer identities. Developers can still choose

AI frenzy feeds credential chaos, secrets leak through code, tools, and infrastructure

2026-03-27 at 20:33, by Anamarija Pogorelec

Code keeps moving through pipelines, and credentials continue to surface alongside it. GitGuardian’s State of Secrets Sprawl 2026 puts the count at 28.65 million new hardcoded secrets in public GitHub commits in 2025, extending a multi-year rise

Google slows Android sideloading to trip up scammers

2026-03-20 at 19:32, by Anamarija Pogorelec

Google’s advanced flow for Android changes how apps from unverified developers are installed, adding steps to reduce scam-driven sideloading. The feature is aimed at experienced users and allows sideloading through a controlled, one-time setup. It addresses scam scenarios where attackers pressure

ENISA advisory examines package manager security risks

2026-03-12 at 15:24, by Anamarija Pogorelec

Developers install external libraries with a single command, and that step can introduce more code than expected into a project environment. Dependency resolution inside package managers extends software supply chains across large collections of external components. ENISA’s Technical Advisory for Secure Use

Fake Claude Code install pages highlight rise of “InstallFix” attacks

2026-03-09 at 12:58, by Zeljka Zorz

Users looking for Anthropic’s Claude Code agentic AI coding tool are being tricked via fake Claude Code install pages into running malware, Push Security researchers have warned. The attackers behind this scheme are faithfully cloning Anthropic’s installation page, hosting

AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities

2026-02-26 at 07:35, by Mirko Zorz

In this Help Net Security interview, Joni Klippert, CEO at StackHawk, discusses what defines DAST coverage in 2026 and why scan completion does not equal security. She explains how AI-driven DAST testing automates attack surface discovery, supports business-logic testing in

Self-spreading npm malware targets developers in new supply chain attack

2026-02-24 at 15:10, by Zeljka Zorz

Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed “SANDWORM_MODE,” represents a (still) rare example of worm-like
