Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Business Wire

Span Launches Universal AI Code Detector to Help Technology Leaders Measure the Adoption and Impact of AI-assisted Coding

New capability brings clarity to the impact of AI transformation, helping engineering leaders report with confidence and drive smarter investment decisions. SAN FRANCISCO--(BUSINESS WIRE)--Span, the ...
IEEE

Towards Generating Maintainable and Comprehensible API Code Examples

Abstract: One of the most effective resources for learning application programming interfaces (APIs) is code examples. The shortage of such examples can pose a significant learning obstacle for API ...
TechRepublic

Anthropic’s Claude Code Arms Developers With Always-On AI Security Reviews

Anthropic’s Claude Code Arms Developers With Always-On AI Security Reviews Your email has been sent Claude Code just got sharper. Anthropic has rolled out an always-on AI security review system that ...
acm.org

Nonsense and Malicious Packages: LLM Hallucinations in Code Generation

The goal of generative AI tools, powered by large language models (LLMs), is to finish the task assigned to them; to provide a complete response to a prompt. As is now well-established, models ...
Wired

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
Ars Technica

AI-generated code could be a disaster for the software supply chain. Here’s why.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
TechCrunch

Microsoft CEO says up to 30% of the company’s code was written by AI

During a fireside chat with Meta CEO Mark Zuckerberg at Meta’s LlamaCon conference on Tuesday, Microsoft CEO Satya Nadella said that 20% to 30% of code inside the company’s repositories was “written ...
Dark Reading

AI Code Tools Widely Hallucinate Packages

The tendency of code-generating large language models (LLMs) to produce completely fictitious package names in response to certain prompts is significantly more widespread than commonly recognized, a ...
Bleeping Computer

AI-hallucinated code dependencies become new supply chain risk

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. The ...