Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Business Wire

Span Launches Universal AI Code Detector to Help Technology Leaders Measure the Adoption and Impact of AI-assisted Coding

New capability brings clarity to the impact of AI transformation, helping engineering leaders report with confidence and drive smarter investment decisions. SAN FRANCISCO--(BUSINESS WIRE)--Span, the ...
IEEE

Towards Generating Maintainable and Comprehensible API Code Examples

Abstract: One of the most effective resources for learning application programming interfaces (APIs) is code examples. The shortage of such examples can pose a significant learning obstacle for API ...
Inc

Will Commercial Samples Ship Duty Free Anymore After De Minimis Changes? It’s Complicated

Low-dollar shipments from overseas are about to get more expensive. The days are ticking down until the de minimis exemption for customs duties expires as part of President Trump’s global tariff ...
TechRepublic

Anthropic’s Claude Code Arms Developers With Always-On AI Security Reviews

Anthropic’s Claude Code Arms Developers With Always-On AI Security Reviews Your email has been sent Claude Code just got sharper. Anthropic has rolled out an always-on AI security review system that ...
acm.org

Nonsense and Malicious Packages: LLM Hallucinations in Code Generation

The goal of generative AI tools, powered by large language models (LLMs), is to finish the task assigned to them; to provide a complete response to a prompt. As is now well-established, models ...
Wired

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
Ars Technica

AI-generated code could be a disaster for the software supply chain. Here’s why.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
TechCrunch

Microsoft CEO says up to 30% of the company’s code was written by AI

During a fireside chat with Meta CEO Mark Zuckerberg at Meta’s LlamaCon conference on Tuesday, Microsoft CEO Satya Nadella said that 20% to 30% of code inside the company’s repositories was “written ...
Dark Reading

AI Code Tools Widely Hallucinate Packages

The tendency of code-generating large language models (LLMs) to produce completely fictitious package names in response to certain prompts is significantly more widespread than commonly recognized, a ...