software development

GitHub enables multi-agent AI coding inside repository workflows

2026-02-05 at 13:02 By Anamarija Pogorelec

GitHub has expanded Agents HQ, enabling AI coding agents such as GitHub Copilot, Claude by Anthropic, and OpenAI Codex to execute development tasks directly within GitHub and developer editors while preserving repository context, session history, and review workflows. Copilot Pro+ and […]

Apple Xcode 26.3 adds coding agent support from OpenAI and Anthropic

2026-02-04 at 11:56 By Sinisa Markovic

Apple released Xcode 26.3 with new agentic coding capabilities designed to let AI systems carry out development tasks inside the IDE. The release supports agents such as Anthropic’s Claude Agent and OpenAI’s Codex. Coding agents can break down

As AI raises the stakes, app modernization and security are becoming inseparable

2026-01-16 at 08:47 By Anamarija Pogorelec

Security leaders are under pressure to support AI programs that move from pilots into production. New Cloudflare research suggests that success depends less on experimentation and more on disciplined application modernization tied closely to security strategy. The

From experiment to production, AI settles into embedded software development

2026-01-02 at 07:30 By Sinisa Markovic

AI-generated code is already running inside devices that control power grids, medical equipment, vehicles, and industrial plants. AI moves from experiment to production AI tools have become standard in embedded development workflows. More than 80% of respondents to a

AI code looks fine until the review starts

2025-12-23 at 08:23 By Anamarija Pogorelec

Software teams have spent the past year sorting through a rising volume of pull requests generated with help from AI coding tools. New research puts numbers behind what many reviewers have been seeing during work. The research comes from CodeRabbit and

Malicious Rust packages targeted Web3 developers

2025-12-04 at 17:06 By Zeljka Zorz

A malicious Rust crate (package) named evm-units, aimed at stealing cryptocurrency from unsuspecting developers, has been pulled from the official public package registry for the Rust programming language, but not before having been downloaded 7257 times. Another package (uniswap-utils) by the same author

What happens when vulnerability scores fall apart?

2025-11-24 at 07:54 By Anamarija Pogorelec

Security leaders depend on vulnerability data to guide decisions, but the system supplying that data is struggling. An analysis from Sonatype shows that core vulnerability indexes no longer deliver the consistency or speed needed for the current software environment. A system that

OpenAI’s gpt-oss-safeguard enables developers to build safer AI

2025-10-29 at 19:07 By Sinisa Markovic

OpenAI is releasing a research preview of gpt-oss-safeguard, a set of open-weight reasoning models for safety classification. The models come in two sizes: gpt-oss-safeguard-120b and gpt-oss-safeguard-20b. Both are fine-tuned versions of the gpt-oss open models and available under the Apache 2.0

AI writes code like a junior dev, and security is feeling it

2025-10-27 at 08:46 By Anamarija Pogorelec

The industry is entering a phase where code is being deployed faster than it can be secured, according to OX Security. Findings from the Army of Juniors: The AI Code Security Crisis report show that AI-generated code

When AI writes code, humans clean up the mess

2025-10-24 at 10:42 By Anamarija Pogorelec

AI coding tools are reshaping how software is written, tested, and secured. They promise speed, but that speed comes with a price. A new report from Aikido Security shows that most organizations now use AI to write production code, and

North Korea’s IT workers are targeting firms beyond tech, crypto, and the U.S.

2025-10-01 at 17:24 By Zeljka Zorz

North Korea’s clandestine IT Worker (ITW) program, which has long been known for targeting U.S. technology firms and crypto firms, has broadened its scope to attempt to infiltrate a variety of industries worldwide, including finance, healthcare, public

How Juventus protects fans, revenue, and reputation during matchdays

2025-09-22 at 10:29 By Mirko Zorz

In this Help Net Security interview, Mirko Rinaldini, Head of ICT at Juventus Football Club, discusses the club’s approach to cyber risk strategy. Juventus has developed a threat-led, outcomes-driven program that balances innovation with protections across matchdays, e-commerce, and digital

Behind the scenes of cURL with its founder: Releases, updates, and security

2025-09-18 at 09:01 By Mirko Zorz

In this Help Net Security interview, Daniel Stenberg, lead developer of cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of

Default Cursor setting can be exploited to run malicious code on developers’ machines

2025-09-11 at 14:02 By Zeljka Zorz

An out-of-the-box setting in Cursor, a popular AI source-code editor, could be leveraged by attackers to covertly run malicious code on users’ computers, researchers have warned. An exploitable vulnerability in the Cursor AI editor Cursor is

Five habits of highly secure development teams

2025-09-03 at 07:46 By Help Net Security

In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development lifecycle (SDLC) from the very start. He outlines five proactive principles, including default-deny architecture, privacy in the

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)

2025-08-26 at 13:47 By Zeljka Zorz

CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US Cybersecurity and Infrastructure Security

AI built it, but can you trust it?

2025-07-07 at 09:02 By Mirko Zorz

In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He explains why it’s hard to secure software stacks that no one fully understands. He also

Unpacking the security complexity of no-code development platforms

2025-06-13 at 09:02 By Mirko Zorz

In this Help Net Security interview, Amichai Shulman, CTO at Nokod Security, discusses how the abstraction layer in no-code environments complicates security by obscuring data flow, identity propagation, and control logic. Shulman also addresses why vulnerabilities in no-code applications go far

Shift left strategy creates heavy burden for developers

2025-05-23 at 07:32 By Help Net Security

While 47% of organizations claim to have implemented shift left security strategies, many still struggle with execution gaps and security inefficiencies, according to Pynt. Of those who haven’t implemented shift left, half of them have no plans to do so

Package hallucination: LLMs may deliver malicious code to careless devs

2025-04-14 at 15:46 By Zeljka Zorz

LLMs’ tendency to “hallucinate” code packages that don’t exist could become the basis for a new type of supply chain attack dubbed “slopsquatting” (courtesy of Seth Larson, Security Developer-in-Residence at the Python Software Foundation). A known occurrence Many software
