Experimental News Clipping Site

Tag: secure coding practices

  • Cloud Blog: Five Best Practices for Using AI Coding Assistants

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/topics/developers-practitioners/five-best-practices-for-using-ai-coding-assistants/ Source: Cloud Blog Title: Five Best Practices for Using AI Coding Assistants Feedly Summary: Does owning a kitchen knife mean you know how to effectively dice onions or julienne carrots? Of course not. Access to a tool doesn’t guarantee profenciency. To get the results you’re looking for, you need to learn the…

  • Docker: The Trust Paradox: When Your AI Gets Catfished

    by

    Kurt Seifried
    in

    Source URL: https://www.docker.com/blog/mcp-prompt-injection-trust-paradox/ Source: Docker Title: The Trust Paradox: When Your AI Gets Catfished Feedly Summary: The fundamental challenge with MCP-enabled attacks isn’t technical sophistication. It’s that hackers have figured out how to catfish your AI. These attacks work because they exploit the same trust relationships that make your development team actually functional. When your…

  • Gemini: Google AI Pro and Ultra subscribers now get Gemini CLI and Gemini Code Assist with higher limits.

    by

    Kurt Seifried
    in

    Source URL: https://blog.google/technology/developers/gemini-cli-code-assist-higher-limits/ Source: Gemini Title: Google AI Pro and Ultra subscribers now get Gemini CLI and Gemini Code Assist with higher limits. Feedly Summary: Google AI Pro and Ultra subscribers now get higher limits to Gemini CLI and Gemini Code Assist IDE extensions. AI Summary and Description: Yes Summary: Google has made an update…

  • Unit 42: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack

    by

    Kurt Seifried
    in

    Source URL: https://unit42.paloaltonetworks.com/npm-supply-chain-attack/ Source: Unit 42 Title: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack Feedly Summary: Self-replicating worm “Shai-Hulud” has compromised 180-plus software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post “Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack appeared first on Unit…

  • The Register: Self-propagating worm fuels latest npm supply chain compromise

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/16/npm_under_attack_again/ Source: The Register Title: Self-propagating worm fuels latest npm supply chain compromise Feedly Summary: Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.… AI Summary and Description: Yes Summary: The text discusses a…

  • Simon Willison’s Weblog: GPT‑5-Codex and upgrades to Codex

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Sep/15/gpt-5-codex/#atom-everything Source: Simon Willison’s Weblog Title: GPT‑5-Codex and upgrades to Codex Feedly Summary: GPT‑5-Codex and upgrades to Codex OpenAI half-released a new model today: GPT‑5-Codex, a fine-tuned GPT-5 variant explicitly designed for their various AI-assisted programming tools. I say half-released because it’s not yet available via their API, but they “plan to make…

  • The Register: Attackers snooping around Sitecore, dropping malware via public sample keys

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/04/unknown_miscreants_snooping_around_sitecore/ Source: The Register Title: Attackers snooping around Sitecore, dropping malware via public sample keys Feedly Summary: You cut and pasted the machine key from the official documentation? Ouch Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping…

  • The Register: Perplexity’s Comet browser naively processed pages with evil instructions

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/08/20/perplexity_comet_browser_prompt_injection/ Source: The Register Title: Perplexity’s Comet browser naively processed pages with evil instructions Feedly Summary: Rival Brave flags prompt injection vulnerability, now patched To the surprise of no one in the security industry, processing untrusted, unvalidated input is a bad idea.… AI Summary and Description: Yes Summary: The text discusses a recently…

  • Slashdot: Security Flaws In Carmaker’s Web Portal Let a Hacker Remotely Unlock Cars

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/08/17/0221251/security-flaws-in-carmakers-web-portal-let-a-hacker-remotely-unlock-cars?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Security Flaws In Carmaker’s Web Portal Let a Hacker Remotely Unlock Cars Feedly Summary: AI Summary and Description: Yes Summary: A security researcher discovered vulnerabilities in a car dealership portal that could expose personal information and allow remote access to cars. The issues highlight the critical importance of secure…

  • Simon Willison’s Weblog: Chromium Docs: The Rule Of 2

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Aug/11/the-rule-of-2/ Source: Simon Willison’s Weblog Title: Chromium Docs: The Rule Of 2 Feedly Summary: Chromium Docs: The Rule Of 2 Alex Russell pointed me to this principle in the Chromium security documentation as similar to my description of the lethal trifecta. First added in 2019, the Chromium guideline states: When you write code…