2+ hour, 46+ min ago  (689+ words) AI-driven development is not something organizations can or should block. But it must be governed. In February 2025, Andrej Karpathy coined the term "vibe coding" to describe a new way of building software: rapid, AI-assisted development where users "fully give in…...

3+ day, 6+ hour ago  (558+ words) Emphere's solution delivers AI-driven remediation to software companies to speed up releases. Emphere, a Seattle cybersecurity startup building an AI-driven vulnerability remediation platform, this week announced raising $2. 1 million in pre-seed funding from AI2 Incubator and Outsiders Fund. The startup's approach to…...

3+ day, 1+ hour ago  (961+ words) CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerability. Including npm packages in software development projects saves but can introduce unseen but known…...

4+ day, 10+ hour ago  (618+ words) A researcher has disclosed the full details of the vulnerability and released a Po C without notifying Microsoft in advance. A security researcher has disclosed details of a severe Visual Studio Code (VS Code) vulnerability that can be exploited to…...

1+ week, 6+ hour ago  (561+ words) Proof-of-concept (Po C) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems. A vulnerability that lurked in the Linux kernel for 19 years allows low-privileged users to obtain root-level privileges…...

1+ week, 2+ day ago  (657+ words) The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow. Obsidian Security has released technical information and proof-of-concept (Po C) code targeting a remote code execution (RCE) vulnerability in Flowise....

1+ week, 3+ day ago  (705+ words) The popular open source self-hosted Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution (RCE), Rapid7 reports. The critical-severity issue, assigned a CVSS score of 9. 4, is an argument injection flaw that can be…...

1+ week, 4+ day ago  (725+ words) France-based startup Edamame says its runtime verification platform uses host telemetry and AI analysis to detect coding-agent "intent drift," secret theft and supply-chain attacks in real time. The North Atlantic Drift, an extension of the Gulf Stream, brings warm waters…...

1+ week, 4+ day ago  (565+ words) The security flaw allowed attackers to pull private container images, exposing source code, credentials, and infrastructure. A vulnerability in open source, self-hosted Git service Gitea could have allowed unauthenticated attackers to pull private container images from over 30, 000 deployments, AI pentesting…...

1+ week, 5+ day ago  (495+ words) The AI giant says the new plugin, which helps developers find vulnerabilities as they write code, has been used extensively internally. Anthropic has announced two new security features for its Claude AI: a self-hosted sandbox and a new security guidance…...