2-Click Cursor Exploit Enables Dev Environment Takeover
Simple age-old bugs give bad actors access to developers' secrets and source code-rich environments.
Source code reveals how software works, helping security teams identify vulnerabilities, exposed secrets, and unsafe logic before attackers can exploit them.
Search across headline titles and summaries.
Background for this topic.
Source code is the human-readable text programmers write in a language such as Python, Java, or C before it is compiled or interpreted into a running program. It defines the program’s logic, data handling, and interactions with operating systems, networks, and other services. Source code may include application code, scripts, and configuration that controls software behavior.
In security, exposed or improperly protected repositories can disclose credentials, private keys, internal endpoints, or details that help attackers find exploitable flaws. Vulnerabilities may also enter through unsafe coding patterns, outdated dependencies, or malicious changes to code and build pipelines. Defenses include least-privilege repository access, secret scanning, peer review, static analysis, dependency and software-composition checks, and integrity controls for releases. Preserving commit history and build provenance helps investigators determine what changed and whether delivered software matches reviewed source.
Weekly headline count for the current query.
Simple age-old bugs give bad actors access to developers' secrets and source code-rich environments.
The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.
Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, giving attackers a leg up.
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
F5 disclosed a breach this week that included zero-day bugs, source code, and some customer information.
Law enforcement discovered admin credentials on the suspect's computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.
The propensity for users to enter customer data, source code, employee benefits information, financial data, and more into ChatGPT, Copilot, and others is racking up real risk for enterprises.
"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.
Vanir automates the process of scanning source code to identify what security patches are missing.
The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.
A collaboration with the FBI and law-enforcement agencies in Europe, the UK, and Australia, Operation Magnus has seized servers and source code related to the two malware families, which have stolen data from millions of victims worldwide.
A technique to abuse Microsoft's built-in source code editor has finally made it into the wild, thanks to China's Mustang Panda APT.
Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to code bases anytime soon.
The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed.
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.
Attackers can remotely execute code with system privileges by exploiting a vulnerability in the source code of the open source container management system.
Source code fire sale, stiffing affiliates — are BlackCat admins intentionally burning their RaaS business to the ground? Experts say something's up.
The buyer could use the code to restart the up to now all-but defunct Zeppelin ransomware-as-a-service operation.
GhostSec has made the source code for what it calls a powerful surveillance tool openly available in a 26GB file, but FANAP denies its legitimacy.