Latest Developer Hacking & Security News | Developer News

GitHub rotates credentials following vulnerability discovery

Ryan Daws — Wed, 17 Jan 2024 16:58:10 +0000

GitHub has rotated encryption keys following the discovery of a vulnerability that could have enabled threat actors to steal credentials, the company revealed Tuesday. The Microsoft-owned firm said it first became aware of the high-severity security flaw tracked as CVE-2024-0200 on 26 December 2023. After investigating the issue and verifying there was no evidence it... Read more »

The post GitHub rotates credentials following vulnerability discovery appeared first on Developer Tech News.

David DeSanto, GitLab: AI’s impact on software development in 2024

Ryan Daws — Thu, 07 Dec 2023 15:18:37 +0000

David DeSanto, Chief Product Officer at GitLab, foresees a paradigm shift in the realm of software development in 2024—with AI taking centre stage. GitLab’s 2023 Global DevSecOps Report serves as the foundation for these predictions, offering a glimpse into the future landscape of organisations’ software development toolchains. AI bias: A hurdle on the path to... Read more »

The post David DeSanto, GitLab: AI’s impact on software development in 2024 appeared first on Developer Tech News.

PHP 8.0 reaches EOL leaving some websites vulnerable

Ryan Daws — Mon, 27 Nov 2023 12:43:31 +0000

PHP 8.0 reached its end of life (EOL) on 26 November 2023 and will no longer receive any updates or patches. PHP 8.0 was released on 26 November 2020 and brought many new features and improvements such as named arguments, attributes, constructor property promotion, match expression, nullsafe operator, JIT, and more. The EOL of PHP... Read more »

The post PHP 8.0 reaches EOL leaving some websites vulnerable appeared first on Developer Tech News.

Checkmarx uncovers persistent Python package threat

Ryan Daws — Thu, 16 Nov 2023 13:00:03 +0000

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain. The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in,... Read more »

The post Checkmarx uncovers persistent Python package threat appeared first on Developer Tech News.

AI coding assistants: A double-edged sword for DevOps in 2024

Ryan Daws — Fri, 10 Nov 2023 14:06:02 +0000

A growing reliance on AI-powered coding assistants is reshaping how DevOps teams operate, for better or worse. According to Forrester’s 2024 cybersecurity, risk, and privacy predictions, AI coding assistants are becoming integral to boosting productivity. However, a cautionary note accompanies this technological shift, as Forrester warns of potential pitfalls that could lead to cybersecurity breaches.... Read more »

The post AI coding assistants: A double-edged sword for DevOps in 2024 appeared first on Developer Tech News.

Wallarm highlights disturbing trends in API security threats

Ryan Daws — Wed, 08 Nov 2023 10:40:12 +0000

Wallarm has released its Q3 2023 API ThreatStats report which sheds light on the escalating threats targeting APIs and revealing vulnerabilities that have impacted industry giants such as Netflix, VMware, and SAP. The report’s revamped ‘Top 10 API Security Threats’ compilation outlines 239 vulnerabilities discovered during the quarter, with injections taking the lead. Injections involve... Read more »

The post Wallarm highlights disturbing trends in API security threats appeared first on Developer Tech News.

Android finally checks sideloaded apps for malware before installs

Ryan Daws — Thu, 19 Oct 2023 16:12:38 +0000

In response to growing cyber threats, Google has introduced an update to bolster Android security. This enhancement focuses on strengthening malware detection before app installations, ensuring a safer Android ecosystem. With this update, Google Play Protect now conducts real-time scans at the code-level during the app installation process: By providing users with immediate feedback about... Read more »

The post Android finally checks sideloaded apps for malware before installs appeared first on Developer Tech News.

Sauce Labs exposes some developers’ risky habits

Ryan Daws — Tue, 03 Oct 2023 15:32:51 +0000

A survey by Sauce Labs of 500 US-based developers has put the spotlight on some concerning practices. One alarming discovery was the tendency of developers to push code to production without adequate testing. 67 percent of respondents admitted to this practice, jeopardising software quality, user experience, and system stability. Additionally, 68 percent confessed to merging... Read more »

The post Sauce Labs exposes some developers’ risky habits appeared first on Developer Tech News.

GitHub opens Copilot Chat to all developers

Ryan Daws — Thu, 21 Sep 2023 12:42:55 +0000

GitHub has announced that Copilot Chat is now available to all developers, ushering in a new era of AI-powered software development. Copilot Chat was launched for ‘Business’ users in July. The AI assistant is capable of assisting developers in their preferred natural language and promises to reduce repetitive tasks. Developers can use the assistant to... Read more »

The post GitHub opens Copilot Chat to all developers appeared first on Developer Tech News.

Sonatype reveals DevOps and SecOps leaders’ views on generative AI

Ryan Daws — Tue, 12 Sep 2023 13:22:22 +0000

While the tech community remains divided on the potential of generative AI tools, there’s a consensus that their impact on the industry is comparable to the adoption of cloud technology. Software engineers are harnessing generative AI to explore libraries, create new code, and enhance their development process, while application security professionals employ it for code... Read more »

The post Sonatype reveals DevOps and SecOps leaders’ views on generative AI appeared first on Developer Tech News.