#CodeSecurity — Search

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

Cybersecurity News Everyday @TweetThreatNews · 1d

A bug in Open VSX’s pre-publish scanner let malicious VS Code extensions bypass security checks by misclassifying failures as no scanners configured. Fixed in version 0.32.0. #OpenSesame #CodeSecurity #SoftwareFlaw ift.tt/8dZWRSc

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Open VSX's pre-publish scanning pipeline contained a bug that misinterpreted scanner failures as

From hendryadrian.com

Cybersecurity News Everyday @TweetThreatNews · 2d

GitHub enhances Code Security with AI-powered bug detection to complement CodeQL, expanding vulnerability coverage for Shell, Dockerfiles, Terraform, PHP, and more. Preview expected early Q2 2026. #CodeSecurity #DevOpsTools #AIIntegration ift.tt/pwNOlqQ

GitHub adds AI-powered bug detection to expand security coverage

GitHub is adopting AI-based scanning in its Code Security tool to complement CodeQL and expand vulnerability detection across additional languages and frameworks. The hybrid model keeps CodeQL for...

From hendryadrian.com

110

Martin - AiPokusy.cz @AipokusyCz · 3d

🤖 Nový "auto mode" v Claude Code brání AI kódovacím katastrofám! Automatická rozhodnutí a vestavěné bezpečnostní pojistky pro efektivnější a bezpečnější vývoj. Zatím pro uživatele Teams. #AI #CodeSecurityh

A Culpa é de Sec Podcast @100HnoMeuNome · 4d

Processo e ferramentas! #devsecops #codesecurity youtube.com/shorts/ZF0fYNG… via @YouTube #devsecops

PulsePatch.io @pulsepatchio · 4d

An authenticated repo import flaw in `Soft Serve` (CVE-2026-33353) may permit cloning of server-local private repositories. Monitor official channels for patch availability. #InfoSec #CodeSecurity #Vulnerability pulsepatch.io/posts/cve-2026…

Docsie.io @likalo_llc · 5d

Finding vulnerabilities in codebases is like searching for needles in a haystack – except some needles are hidden, and some aren't even known. This makes the false positive problem worse and wastes resources on analyzing massive codebases. #CodeSecurity #RomeThorstenson

Mykola Kondratiuk @ItsKondrat · 5d

I scanned 100 AI-generated codebases for security issues. here's what I found (it's worse than you think) #VibeCoding #CodeSecurity #BuildInPublic

Docsie.io @likalo_llc · Mar 21

Vulnerabilities sneak into codebases monthly, often due to deadlines. Reviewing past PRs with AI can help, but results vary. Secure your code by identifying and fixing these often-missed issues. #CodeSecurity #DevOps #RomeThorstenson

browsertotal @browsertotal · Mar 19

💻 Secure Coding Tip: Always audit your dependencies before publishing Our analysis of 1307 packages: • 406 high-risk packages • Average score: 43/100 Learn secure coding #DeveloperSecurity #CodeSecurity #AppSecd

iT4iNT SERVER Pvt Ltd @it4int · Mar 18

iT4iNT SERVER Claude Code Security and Magecart: Getting the Threat Model Right dlvr.it/TRYnSq VDS VPS Cloud #CyberSecurity #Magecart #CodeSecurity #AI #StaticAnalysis

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

From thehackernews.com

Kannan Subbiah @kannagoldsun · Mar 18

From #SAST to “Shift Everywhere”: Rethinking #CodeSecurity in 2026 dzone.com/articles/refac… via @DZoneInc

Rethinking Code Security in 2026

Learn in this article how cloud-native design, AI-assisted development, and complex dependencies are changing how teams assess and manage source code risk.

From dzone.com

VTBC ┋ @vtbcfeed · Mar 18

Theori has made Xint Code commercially available, an LLM-native static application security testing (SAST) tool capable of analyzing millions of lines of source code, configuration files, and… dlvr.it/TRYYP6 #AI #CodeSecurity #MachineLearning #SAST #ApplicationSecurity

Theori brings Xint Code to market for large-scale AI code security analysis - Help Net Security

Theori makes Xint Code available, an LLM-native SAST tool that scans millions of lines of code, configs, and binaries in under 12 hours.

From helpnetsecurity.com

Cybersecurity News Everyday @TweetThreatNews · Mar 12

Threat actors use fake developer job interviews to deliver malware via malicious NPM packages and VS Code tasks, stealing API tokens and cloud creds with backdoors like Invisible Ferret and FlexibleFerret. #DeveloperJobs #CodeSecurity ift.tt/sxYnkMW

Contagious Interview: Malware delivered through fake developer job interviews

Microsoft Defender Experts documented the Contagious Interview campaign that uses fake technical interview workflows to trick developers into running malicious NPM packages and Visual Studio Code...

From hendryadrian.com

Kale Francis @_kale_francis_ · Mar 8

Replying to @_kale_francis_

But here's the game-changer: Not just reports. It auto-generates fixes (context-aware, not boilerplate) and opens a PR on GitHub. Review/merge in secs. Shift security left—before prod. #DevSecOps #CodeSecurity

webtoolskit @webtoolski25142 · Mar 8

Protect your JavaScript code instantly! 🛡️ Prevent theft & block reverse-engineering with our FREE online Javascript Obfuscator. Secure your IP today! Try it here → webtoolskit.org/p/javascript-o… #JavaScript #CodeSecurity #WebDev