Jeff Burt

AI-Generated Code Packages Can Lead to ‘Slopsquatting’ Threat

April 18, 2025 | AI code generation, AI hallucinations, Large Language Models, slopsquatting, software supply chain risks

AI hallucinations – the occasional tendency of large language models to respond to prompts with incorrect, inaccurate or made-up answers – have been an ongoing concern as the enterprise adoption of generative ...

repositories, GitHub, Arm, extension, GitHub, Copilot, Git, bloat, malicious, GitLab, memory-safe, CISA, agency, Skillsoft GitHub GitKraken code QA

GitHub Brings Together Security, Developers to Fix Code Flaws

April 11, 2025 | ai, CI/CD, code vulnerabilities, GitHub Copilot

GitHub is linking developers with security pros to reduce the number of vulnerabilities that may be hiding in code that already is in workflows. The highly popular Microsoft-owned code repository this week ...

GitHub Action Compromise Risks Data Leaks for 23,000 Repositories

March 17, 2025 | GitHub Actions, leaked secrets, Python, software supply chain attacks

The attacker introduced malicious Python code that would expose secrets like authentication credentials in public repositories ...

Bad Actor Targets Linux, macOS Developers with Typosquatted Go Packages

March 7, 2025 | Cybersecurity, Go, software supply chain risks, typosquatting

The attacker published at least seven malicious packages on the Go Module Mirror that, if installed, will deliver a backdoor ...

scam, developers, freelance, developer, experience, DevEx, development ruby on rails, speed to market, developer happiness, low-code citizen developers development

North Korean Bad Actor’s Fake Job Offer Scam Targets Developers

February 25, 2025 | fake job, freelance developers, North Korea

Freelance developers around the world are being targeted by North Korean bad actors posing as job recruiters who as part of the fake application process entice them to run software jobs that ...

North Korea’s Lazarus Group Targets Developers, Supply Chain

February 17, 2025 | github, Lazarus Group, North Korea, NPM, Software Supply Chain

North Korea’s notorious Lazarus Group is using an advanced malicious implant to target cryptocurrency wallets and spreading it via legitimate GitHub profile and possibly through npm packages. The ongoing campaign, dubbed Operation Marstech ...

JFrog, security, devsecops, Digma, code, Go, code, kernel, eBPF, Veracode GitKraken JFrog GitGuardian organizations, quality fear unknown software app Rust Contrast Security Adds API Support to Application Security Platform

Typosquat Supply Chain Attack Targets Go Developers

February 5, 2025 | GitHub repositories, Golang, malicious code, software supply chain attacks

A backdoor that impersonates a widely used database module in the popular Go programming language can give hackers control of infected systems, according to a senior threat intelligence analyst with developer-focused platform ...

CISA, security, Salesforce Cybersecurity, API security, DevSecOps

CISA Pushes Steps to Better Secure Software and Product Designs

January 10, 2025 | CISA, Cybersecurity, secure software development

The country’s top cybersecurity agency is urging developers to take steps to ensure the software they’re building and the products they roll out are secure and protect end users. The Cybersecurity and ...