Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
TMCnet

AgileAI Labs Unveils Spec2TestAI's Natural Language No-Code Automated Testing Tool

Software Development Teams build an end-to-end project knowledge base that self-improves generating enhanced, fully traceable ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
ADTmag

Project Valhalla Targets JDK 28 as Java SE Expert Group Begins Work

The Java Community Process formally launches development of Java SE 28, with Project Valhalla once again positioned as the release's most closely watched feature.

The maker of ChatGPT wants to make open-source projects less of a security bargain

As AI tools flood open-source maintainers with low quality bug reports, OpenAI's new Patch the Planet initiative aims to filter out the noise and fix real threats.
IEEE

Combining Graph-Based Learning With Automated Data Collection for Code Vulnerability Detection

Abstract: This paper presents FUNDED (Flow-sensitive vUl-Nerability coDE Detection), a novel learning framework for building vulnerability detection models. Funded leverages the advances in graph ...
JCN Newswire

Fujitsu and IBM Japan collaborate on modernization to support enterprise digital transformation

Fujitsu Limited and IBM Japan, Ltd. today announced that they will accelerate their collaboration in the field of business system modernization in order to advance enterprise digital transformation ...

Broadcom Expands Its Investment in Spring and Java Ecosystem Security to Prepare Customers for AI-Enabled Threats

Today, Broadcom Inc. (NASDAQ: AVGO), a global technology leader that designs, develops, and supplies semiconductor and infrastructure software solutions, announced significant security investments for ...
IEEE

License Compatibility Detection for OpenJavaWorks Open-Source Projects Based on Code Similarity

Abstract: This study investigates the relationship between code similarity and open-source license compatibility in Java projects. While the extensive use of open-source projects promotes code reuse, ...

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...