Secure Software Blogwatch
AI coding helpers get FAILing grade
An academic study says ChatGPT is wrong more than half the time, when asked the sort of programming questions you’d find on Stack Overflow. The “comprehensive analysis” concludes that GitHub Copilot’s LLM engine ...
No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’
Google employees are to be protected from themselves. In what’s being described as a pilot program, they’ll lose internet access at work and/or root privileges ...
JumpCloud ‘nation state’ phishing attack spotlights third-party risk management
A state-sponsored phishing attack on JumpCloud highlights the importance of strong third-party risk management (TPRM). The big identity service provider believes it was a victim of a sophisticated breach that targeted a few ...
EU-US data transfers back in hotseat: Security of user data adds to privacy concerns
The Europeans say a new agreement with the U.S. means it’s OK to transfer data westwards again. Two previous decisions had been struck down by the EU’s judicial branch, due to the risk ...
MOVEit supply-chain bug walks before it runs
Progress Software’s MOVEit file-transfer platform has been causing high-profile data leaks ...
PyPI hackers code sneaky new tactic. Researchers caught ’em red-handed
Python Package Index (PyPI) attackers used compiled code to evade detection. It’s possibly the first attack to take advantage of .PYC file direct execution — but likely not the last ...