AI is changing software development, but not always for the better

Software development is changing right before our eyes, with AI becoming a real workmate for developers everywhere.

This change isn’t just happening in trendy startups either; the tech giants are all in. We got a fascinating peek behind the curtain recently, thanks to a discussion between Microsoft CEO Satya Nadella and Meta's Mark Zuckerberg.

AI has already changed software development

During Meta's LlamaCon AI event, Zuckerberg directly asked Nadella about the AI...

Endor Labs deploys AI agents to counter vibe coding risks

Endor Labs is expanding its application security (AppSec) platform with agents to address development risks posed by AI and vibe coding.

Bolstered by agentic AI and what the company claims is the industry’s most comprehensive security dataset, the platform moves beyond mere risk identification to prioritise threats, propose solutions, and even implement fixes automatically.

The move comes amid a dramatic shift in software development practices. The rise of AI coding...

Masquerading payment npm package installs backdoor

Cybersecurity researchers at Socket have uncovered a malicious npm package that hijacks server control during payment transactions.

The package, @naderabdi/merchant-advcash, masquerades as a legitimate integration for the digital payment platform Advcash (now rebranded as Volet). The package embeds a reverse shell activated after successful payments that enables attackers to remotely commandeer systems.

Advcash, though niche compared to mainstream services like PayPal,...

Security flaws hit PyTorch Lightning deep learning framework

The popular deep learning framework PyTorch Lightning has been found to contain multiple critical security flaws.

The deserialisation vulnerabilities, identified under the reference VU#252619, impact all versions of the framework up to and including version 2.4.0 and could potentially allow attackers to execute arbitrary code by loading untrusted model files.

The discovery of these vulnerabilities was made by Kasimir Schulz from HiddenLayer and the disclosure was...

Python proposes standardised lock file format with PEP 751

The Python community is set to adopt PEP 751, an enhancement aimed at improving dependency management and installation reproducibility.

PEP 751 introduces a standardised file format, pylock.toml, designed to create an immutable record of both direct and indirect dependencies for Python environments. Recently marked as 'Accepted,' the proposal promises to streamline workflows, enhance security, and foster greater interoperability between various Python packaging...

Website hijack campaign now impacting 150,000 sites

A sophisticated website hijack campaign initially detected in February has seen a dramatic escalation, with security analysts now estimating that approximately 150,000 websites have been compromised.

The initial discovery flagged over 35,000 targeted websites. Himanshu Anand, a software engineer and security analyst at c/side, has continued to monitor the threat actor's activities and uncovered new tactics and techniques employed in this expanding operation.

What's new in...

Google bolsters Android security for app developers and users

App developers in the Android ecosystem can breathe a little easier knowing that Google is doubling down on platform security.

Suzanne Frey – VP, Product, Trust & Growth for Android & Play at Google – has outlined a series of enhancements designed to make it simpler for developers to create secure apps while simultaneously fortifying the protection of the Google Play Store for millions of users worldwide.

"Knowing that you’re building on a safe, secure...

Critical security flaw uncovered in Next.js framework

A critical security flaw has been discovered in the popular Next.js framework, potentially impacting millions of websites and applications.

Security researchers Rachid Allam, known online as zhero, and Yasser Allam (inzo_) collaborated to uncover the flaw within the framework's middleware functionality.

Next.js, boasting over 130,000 stars on GitHub and nearly 10 million weekly downloads, is a framework built upon React. Its extensive feature set makes it a popular...

Python package ‘set-utils’ targets Ethereum wallets

A malicious package designed to steal private keys for Ethereum wallets has been uncovered within the Python Package Index (PyPI).

According to Socket, this package – named 'set-utils' – masquerades as a utility for Python sets and has been actively targeting developers.

"The Socket Research Team has discovered a malicious PyPI package, set-utils, designed to steal Ethereum private keys by exploiting commonly used account creation functions," the team...

Microsoft Copilot continues to expose private GitHub repositories

In August 2024, a LinkedIn post caused alarm by alleging that ChatGPT (and, by association, Microsoft Copilot) was capable of accessing data from private GitHub repositories. Such a claim, if true, could have significant ramifications for data security and privacy.

Eager to uncover the truth behind the claim, the research team at Lasso, a digital security company, undertook a thorough investigation. What they found was a digital conundrum involving cached, publicly exposed, and...