secure development practices – Experimental News Clipping Site

Wired: Vibe Coding Is the New Open Source—in the Worst Way Possible

Oct 6, 2025

—

by

Source URL: https://www.wired.com/story/vibe-coding-is-the-new-open-source/ Source: Wired Title: Vibe Coding Is the New Open Source—in the Worst Way Possible Feedly Summary: As developers increasingly lean on AI-generated code to build out their software—as they have with open source in the past—they risk introducing critical security failures along the way. AI Summary and Description: Yes Summary: The text…

Cloud Blog: Agent Factory Recap: Deep Dive into Gemini CLI with Taylor Mullen

Sep 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/developers-practitioners/agent-factory-recap-deep-dive-into-gemini-cli-with-taylor-mullen/ Source: Cloud Blog Title: Agent Factory Recap: Deep Dive into Gemini CLI with Taylor Mullen Feedly Summary: In the latest episode of the Agent Factory podcast, Amit Miraj and I took a deep dive into the Gemini CLI. We were joined by the creator of the Gemini CLI, Taylor Mullen, who shared…

Unit 42: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack

Sep 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/npm-supply-chain-attack/ Source: Unit 42 Title: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack Feedly Summary: Self-replicating worm “Shai-Hulud” has compromised 180-plus software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post “Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack appeared first on Unit…

The Register: ‘Powerful but dangerous’ full MCP support beta for ChatGPT arrives

Sep 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/15/full_mcp_support_in_beta_chatgpt/ Source: The Register Title: ‘Powerful but dangerous’ full MCP support beta for ChatGPT arrives Feedly Summary: ‘Wow this is dangerous’ says Django dev, while others call feature a ‘game-changer’ OpenAI has added a beta of Developer mode to ChatGPT, enabling full read and write support for MCP (Model Context Protocol) tools, though…

The Register: Boffins build automated Android bug hunting system

Sep 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/04/boffins_build_automated_android_bug_hunting/ Source: The Register Title: Boffins build automated Android bug hunting system Feedly Summary: AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to…

The Register: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE

Aug 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/20/amazon_quietly_fixed_q_developer_flaws/ Source: The Register Title: Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE Feedly Summary: Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to…

Embrace The Red: Amazon Q Developer: Remote Code Execution with Prompt Injection

Aug 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/amazon-q-developer-remote-code-execution/ Source: Embrace The Red Title: Amazon Q Developer: Remote Code Execution with Prompt Injection Feedly Summary: The Amazon Q Developer VS Code Extension (Amazon Q) is a popular coding agent, with over 1 million downloads. The extension is vulnerable to indirect prompt injection, and in this post we discuss a vulnerability that…

Docker: MCP Horror Stories: The GitHub Prompt Injection Data Heist

Aug 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.docker.com/blog/mcp-horror-stories-github-prompt-injection/ Source: Docker Title: MCP Horror Stories: The GitHub Prompt Injection Data Heist Feedly Summary: This is Part 3 of our MCP Horror Stories series, where we examine real-world security incidents that validate the critical vulnerabilities threatening AI infrastructure and demonstrate how Docker MCP Toolkit provides enterprise-grade protection. The Model Context Protocol (MCP)…

Docker: Docker Desktop 4.43: Expanded Model Runner, Reimagined MCP Catalog, MCP Server Submissions, and Smarter Gordon

Jul 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.docker.com/blog/docker-desktop-4-43/ Source: Docker Title: Docker Desktop 4.43: Expanded Model Runner, Reimagined MCP Catalog, MCP Server Submissions, and Smarter Gordon Feedly Summary: Docker Desktop 4.43 just rolled out a set of powerful updates that simplify how developers run, manage, and secure AI models and MCP tools. Model Runner now includes better model management, expanded…

Slashdot: Trump Quietly Throws Out Biden’s Cyber Policies

Jun 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/06/10/2044217/trump-quietly-throws-out-bidens-cyber-policies?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Trump Quietly Throws Out Biden’s Cyber Policies Feedly Summary: AI Summary and Description: Yes Summary: The text discusses significant changes to cybersecurity policy initiated by President Trump that reverse or roll back several key components of the Biden administration’s cyber legacy. This shift highlights the fluctuating nature of cybersecurity…

Tag: secure development practices