Symbiotic Security Launches Scanning Tool to Help Fix Flaws in Code

November 7, 2024 at 08:38AM Symbiotic Security has launched a software-as-a-service platform that integrates security tools into developers’ environments, enabling real-time vulnerability detection and remediation. By providing contextual feedback and training, it aims to address the challenges of shift-left security and improve secure coding practices. The company raised $3 million in seed funding. …

Wiz Launches Wiz Code Application Security Tool

September 11, 2024 at 12:04AM Wiz launched Wiz Code, a cloud app security product that identifies and resolves cloud risks in code before they become critical issues. It integrates with developer environments, highlighting security issues and providing fix suggestions. Wiz Code aims to enhance collaboration between security and development teams by aligning issues with their …

Researchers Highlight How Poisoned LLMs Can Suggest Vulnerable Code

August 21, 2024 at 08:08AM Developers are turning to AI programming assistants, but recent research warns about the risk of incorporating code suggestions without scrutiny, as large language models (LLMs) can be manipulated to release vulnerable code. The CodeBreaker method effectively poisons LLMs to suggest exploitable code. Developers must critically assess code suggestions and focus …

The Changing Expectations for Developers in an AI-Coding Future

August 13, 2024 at 10:08AM Software engineers are facing a future where generative AI will diminish traditional code writing, emphasizing security and collaboration. Despite enthusiasm for AI tools, a Snyk survey found developers overlook security issues, risking insecure code. Developers’ future jobs will involve guiding AI’s code generation, ensuring security, and educating teams. Successful transition …

Vulnerabilities Patched in Kiuwan Code Security Products After Long Disclosure Process

June 6, 2024 at 08:18AM Kiuwan, a code security firm owned by US-based Idera, took almost two years to patch critical vulnerabilities in its SAST and Local Analyzer products. Discovered by SEC Consult, the flaws included XSS, XXE injection, privilege escalation, and IDOR issues, posing significant security risks to users. Despite extensive coordination, Kiuwan’s response …

Cybercriminals pose as “helpful” Stack Overflow users to push malware

May 29, 2024 at 07:25PM Cybercriminals have been using Stack Overflow to spread malware, posing as helpful contributors answering users’ questions about a PyPI package named ‘pytoileur’ which actually installs Windows information-stealing malware. This malicious package is part of the ‘Cool package’ campaign and was promoted through typo-squatting and Stack Overflow answers. Developers are urged …

Wiz Raises $1 Billion at $12 Billion Valuation

May 7, 2024 at 11:00AM Cloud security company Wiz raised $1 billion at a $12 billion valuation in a funding round led by Andreessen Horowitz, Lightspeed Venture Partners, and Thrive Capital. The company’s platform offers various security capabilities, with a focus on cloud security posture management and infrastructure entitlement management. Wiz aims to continue innovating …

Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

April 10, 2024 at 09:15AM Threat actors are leveraging GitHub’s search feature to dupe users into downloading malicious code by creating fake repositories with popular names. The attackers manipulate search rankings and use fake stars to deceive users. Researchers warn of the ongoing threat to the open-source ecosystem and emphasize the need for caution when …

What can be done to protect open source devs from next xz backdoor drama?

April 6, 2024 at 12:18PM A recently discovered sophisticated backdoor in the xz software library raised concerns about the security of open-source code. The backdoor could allow remote control over infected systems, highlighting the risks of widely used code. Experts debate whether large corporations should contribute to securing such code. Join the Kettle series for …

Millions of Malicious Repositories Flood GitHub

March 4, 2024 at 08:31AM Cyberattackers have created over 100,000 malicious repositories on GitHub, with some estimates reaching over a million. They use automation to copy, infect, and reupload existing repositories, tricking developers into downloading malware. GitHub’s security mechanisms remove most fakes, but some still slip through. Organizations need policies to protect against these attacks. …