InfoWorld

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert.

IRS direct file shut down, driving up costs for PA taxpayers

A new analysis found Pennsylvania, which signed on to use IRS Direct File stood to save about $747 million annually before ...
The Hacker News

Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs

CrowdStrike shows Chinese AI DeepSeek-R1 quietly weakens code security when prompts mention Tibet, Uyghurs, or Falun Gong.
InfoWorld

How pairing SAST with AI dramatically reduces false positives in code security

In our study, a novel SAST-LLM mashup slashed false positives by 91% compared to a widely used standalone SAST tool.
The Hacker News

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

Tsundere botnet spreads via MSI and PowerShell installers, using Ethereum-based C2 rotation and game-themed lures to target ...
IEEE

Optimizing Pre-Trained Code Embeddings With Triplet Loss for Code Smell Detection

Abstract: Code embedding represents code semantics in vector form. Although code embedding-based systems have been successfully applied to various source code analysis tasks, further research is ...
IEEE

Augmenting Large Language Models with Static Code Analysis for Automated Code Quality Improvements

Abstract: This study examined code issue detection and revision automation by integrating Large Language Models (LLMs) such as OpenAI’s GPT-3.5 Turbo and GPT-4o into software development workflows. A ...
Ars Technica

Oddest ChatGPT leaks yet: Cringey chat logs found in Google analytics tool

For months, extremely personal and sensitive ChatGPT conversations have been leaking into an unexpected destination: Google Search Console (GSC), a tool that developers typically use to monitor search ...