Wired

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
CSOonline

Open source package entry points could be used for command jacking

Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, ...
Ars Technica

AI-generated code could be a disaster for the software supply chain. Here’s why.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...

Developers and expert users benchmark three leading open-source thermal conductivity calculation packages

Mechanical Engineering Professor Alan McGaughey of Carnegie Mellon University recently coordinated the Phonon Olympics, ...
CSOonline

How CISOs can tackle the pernicious problem of poisoned packages

Primary code repositories are a godsend for software developers but offer easy access for threat actors to deliver malware. Experts say CISOs should scan for threats and be aware of the dangers. Since ...