Tag: dependency confusion attack
-
Slashdot: AI-Generated Code Creates Major Security Risk Through ‘Package Hallucinations’
Source URL: https://developers.slashdot.org/story/25/04/29/1837239/ai-generated-code-creates-major-security-risk-through-package-hallucinations?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: AI-Generated Code Creates Major Security Risk Through ‘Package Hallucinations’ Feedly Summary: AI Summary and Description: Yes Summary: The study highlights a critical vulnerability in AI-generated code, where a significant percentage of generated packages reference non-existent libraries, posing substantial risks for supply-chain attacks. This phenomenon is more prevalent in open…
-
The Register: Canvassing apps used by UK political parties riddled with privacy, security issues
Source URL: https://www.theregister.com/2025/01/30/uk_canvassing_app_issues/ Source: The Register Title: Canvassing apps used by UK political parties riddled with privacy, security issues Feedly Summary: Neither Labour, Conservatives, nor the Lib Dems offered a retort to rights org’s report The Open Rights Group (ORG) has raised concerns about a number of security issues it found in all three of…
-
The Register: Snyk appears to deploy ‘malicious’ packages targeting Cursor for unknown reason
Source URL: https://www.theregister.com/2025/01/14/snyk_npm_deployment_removed/ Source: The Register Title: Snyk appears to deploy ‘malicious’ packages targeting Cursor for unknown reason Feedly Summary: Packages removed, vendor said to have apologized to AI code editor as onlookers say it could have been a test Developer security company Snyk is at the center of allegations concerning the possible targeting or…