Geek-Guy.com

Tag: developer

AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security

TrapDoor malware campaign puts developer workstations in CISO spotlight

A malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, after researchers said it targeted developer workflows and AI coding assistant files. Researchers at Socket said the campaign, which they are tracking as TrapDoor, “spans more than 34 malicious packages and 384+ related versions and artifacts” across the three…

Read more →

AI, Data Security, Exploits, Global Security News, privacy

WWDC 2026: How Apple can take a great leap in AI

Apple’s Worldwide Developer Conference (WWDC) takes place in just a few weeks. Everyone expects the company to explain its approach to AI deployment on its platforms. With that in mind, here’s what several months of speculation suggest Apple will announce, though the details remain to be disclosed. Apple is investing billions of dollars in these plans; R&D spending…

Read more →

AI, Apps, Cybersecurity, Global Security News, malware, Risk Management

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini Shai-Hulud,” affected packages used in SAP’s JavaScript and cloud application development ecosystem. The malicious versions added installation-time code that could steal developer credentials,…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of organisations. All for some free in-game currency. Meanwhile, there’s a 1980s phone protocol called…

Read more →

AI, Apps, Compliance, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines 

A supply chain attack targeting Checkmarx tooling has exposed developer environments.  Attackers pushed malicious Docker images and tampered extensions capable of stealing credentials and other sensitive data.  This “… continues a dangerous trend that’s accelerated over the past month: CI/CD pipelines have become the new perimeter,” said Eli Woodward, Cyber Threat Intelligence Advisor at Team…

Read more →

AI, Data Breaches, Exploits, Global Security News

Rockstar Games receives “pay or leak” warning after cyberattack

Rockstar Games, the developer behind titles such as Grand Theft Auto and Red Dead Redemption, has confirmed a cyberattack claimed by hacking group ShinyHunters, which says it accessed the company’s Snowflake environment and obtained data. The attackers exploited Anodot, a third-party SaaS platform used for cloud cost monitoring and analytics, as the entry point and…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

NomShub Vulnerability Chain Exposes Hidden Risks in AI Coding Tools

A vulnerability chain in an AI-powered code editor is raising alarms about how autonomous developer tools can be turned against their users.  Dubbed NomShub, the flaw allows attackers to gain persistent shell access simply by luring a developer into opening a malicious repository — no traditional exploit required. “When an AI agent can execute shell…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Claude Code Leak Exposes AI Supply Chain Threats

A leak involving Anthropic’s Claude Code has drawn attention from the cybersecurity and developer communities, exposing internal components of the AI coding agent and introducing potential risks for organizations. “The significance of this leak is in what the code reveals about AI agent architecture. The leak exposed approximately 512,000 lines of TypeScript across roughly 1,900…

Read more →

AI, Global Security News

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google on Monday said it’s officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while “hiding behind anonymity.” The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesia, Singapore, and Thailand this September, before it expands globally next year.…

Read more →

AI, Apps, Exploits, Global Security News, malware

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

PyPI is warning of possible credential theft from AI applications and developer pipelines after two malicious versions of the widely used Python middleware for large language models, LiteLLM, were briefly published. “Anyone who has installed and run the project should assume any credentials available to the LiteLLM environment may have been exposed, and revoke/rotate them…

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Fake Claude Code Install Pages Spread Infostealer Malware

Threat actors are exploiting a common developer habit — copying installation commands directly from websites — to distribute malware through fake software installation pages.  Security researchers at Push Security recently uncovered a campaign targeting users of Anthropic’s Claude Code, a popular command-line AI coding assistant.  The attackers are using cloned websites and malicious search advertisements…

Read more →

AI, Global Security News, Microsoft, News, update

Microsoft Store updated with a new CLI, analytics, and Web Installer improvements

Microsoft has introduced new developer tools, updates to developer analytics, and a Web Installer in the Microsoft Store on Windows to help developers build and scale apps on the platform. “The Microsoft Store on Windows continues to evolve, shaped by ongoing feedback from developers building and scaling apps on the platform. Over the past months,…

Read more →

AI, Compliance, Global Security News

UiPath acquires WorkFusion to automate KYC processes

UiPath has acquired agentic AI developer WorkFusion to expand and strengthen its portfolio of AI-powered industry solutions. The deal will add WorkFusion’s offerings to UiPath’s portfolio of products for the financial services and banking industries. By using WorkFusion’s pre-built library of AI agents, UiPath said, customers will be able save time on the most labor-intensive aspects of…

Read more →