CSOonline

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist malicious code. Threat actors behind the long-running Contagious Interview ...
Dark Reading

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

The North Korean threat actors behind the Contagious Interview campaign are employing a new mechanism that uses Microsoft Visual Studio Code to deliver a previously unseen backdoor that enables remote ...
The Hacker News

North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning ...
CNBC

AI startup Replit launches feature to vibe code mobile apps

Replit's new feature allows users to create publishable and monetizable mobile apps using only natural language prompts. As more vibe-coding products come online, some software companies could see one ...
PCGamesN

Code Vein 2 doesn't use generative AI because its dev values "art style" and the "cohesiveness" of its world

Code Vein 2 is right around the corner, and it's poised to deliver both a mechanical evolution and a narrative reset for the anime RPG. Bandai Namco's latest keeps the fundamentals that made its ...
GameInformer

This Week On GI: Code Vein II Preview, Death Howl Review, Lies Of P Interview, And More

It's Friday – congratulations, reader, you made it to the end of the traditional work week! Here at Game Informer, we've been hard at work publishing stories each and every day, from previews to ...
Reuters

Indonesia's new criminal code requires public oversight, minister says

JAKARTA, Dec 31 (Reuters) - Indonesia's new criminal code, which will make crimes of premarital sex and insulting the state when it takes effect on January 2, will need public oversight to help ...
MIT Technology Review

AI coding is now everywhere. But not everyone is convinced.

Developers are navigating confusing gaps between expectation and reality. So are the rest of us. Depending who you ask, AI-powered coding is either giving software developers an unprecedented ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
The Hacker News

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages ...
IEEE

Proving the Coding Interview: A Benchmark for Formally Verified Code Generation

Abstract: We introduce the Formally Verified Automated Programming Progress Standards, or FVAPPS, a benchmark of 4715 samples for writing programs and proving their correctness, the largest formal ...
Bleeping Computer

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...