Hackers exploit critical flaw in Ninja Forms WordPress plugin

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution.
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
IEEE

UltraVCS: Ultra-Fine-Grained Variable-Based Code Slicing for Automated Vulnerability Detection

Abstract: Detecting vulnerabilities in source code using deep learning models is emerging as a valuable research area. The key issue in using deep learning to detect vulnerabilities is the accurate ...
IEEE

Fight Fire With Fire: How Much Can We Trust ChatGPT on Source Code-Related Tasks?

Abstract: With the increasing utilization of large language models such as ChatGPT during software development, it has become crucial to verify the quality of code content it generates. Recent studies ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...