News
- Four in five companies knowingly ship vulnerable code, survey warns
- One-third say 60% of their code is now AI-generated
- Orgs need to use AI to identify vulnerabilities
A study of 1,500 CISOs, AppSec Managers and developers conducted by Checkmarx has claimed four in five (81%) companies knowingly ship vulnerable code, putting them and their users at risk of attack.
An estimated one in two respondents already use AI coding assistants, with around one-third (34%) admitting that more than 60% of their code is AI-generated – code that frequently contains known vulnerabilities out of the box.
An overwhelming majority (98%) have experienced a breach due to vulnerable code in the past year, and yet they continue to ship vulnerable code without implementing the right protective measures.
Companies are shipping vulnerable, AI-generated code
The report outlines how generative AI has eroded developer ownership, with code less likely to be attributable to any particular individual. It has also expanded the attack surface by reintroducing classes of vulnerability that proper coding expertise would previously have avoided.
The trend has largely been blamed on artificial intelligence, with vibe coding on the rise and many developers now opting to edit AI-generated code rather than write their own from the ground up.
The lack of governance around this has created what the company describes as the perfect storm.
Fewer than half of the respondents were found to be using foundational security tools like DAST and IaC scanning, with a similar number using DevSecOps tools.
Looking ahead, Checkmarx stresses that security should be built into projects from the coding stage, and urges organizations to establish policies for AI tool usage. Acknowledging that developers are already actively using AI, Checkmarx suggests that, rather than banning it, companies should also use agentic AI to analyze and fix issues across projects.
"AI generated code will continue to proliferate; secure software will be the competitive differentiator in the coming years," Checkmarx VP of Portfolio Marketing Eran Kinsbruner concluded.
- Researchers uncover two packages carrying an infostealer
- The victims are apparently Russian, and attackers American
- This prompted the researchers to speculate if the targets were Russian crypto hackers
Two malicious packages were recently discovered on the npm package manager platform targeting software developers on the Solana ecosystem.
However, the discovery, attribution, and potential targets of the malware have led researchers to speculate whether this was a state-sponsored attack.
Solana is a blockchain designed for decentralized applications and cryptocurrencies. It is similar to Ethereum in many aspects, which is why it is often described in the crypto community as the “Ethereum killer”.
Targeting devs? Or hackers? Or both?
Recently, security researchers from Safety found two npm packages: “solana-pump-test” and “solana-spl-sdk”.
Both were submitted by the same author, and both contained identical code - and according to Safety, when these packages were installed, they ran scripts that exfiltrated sensitive information from compromised devices, including private keys that granted the attackers access to crypto funds.
Safety says that the victims - the developers that downloaded and ran the infostealers - were located in Russia.
The attackers, on the other hand, seem to be located in the United States, based on the IP addresses where the exfiltrated data was relayed.
This was enough for the researchers to ask whether a US-backed threat actor was targeting Russia, possibly because of the currently strained geopolitical relations between the two powers.
But npm, as a platform, is not Russian, or managed by the Russians. The npm platform is run by npm, Inc., a company that was originally independent but is now a subsidiary of GitHub, which itself is owned by Microsoft.
Still, Russia has multiple state-sponsored and affiliated threat actors known to target cryptocurrency users, or large enterprises which are then forced to make ransom payments in crypto. Groups such as Evil Corp, Sandworm, and APT28 (Fancy Bear) have been linked to campaigns that either exfiltrate cryptocurrency or deploy ransomware for financial gain.
Therefore, it is not too far-fetched to speculate if this attack was aimed at crypto criminals, as well as regular crypto developers.
Via The Register
- First portable color ePaper monitor offers 13.3-inch screen, wireless connections and stand
- Bigme B13 provides multiple refresh modes, adjustable lighting and dual audio options
- Priced at $699, B13 targets early adopters seeking eye-friendly portable productivity
The world’s first portable color ePaper monitor has gone on sale, marking a new step for ePaper beyond e-readers like the Amazon Kindle.
The Bigme B13 is a 13.3-inch device that combines the familiar look of paper with the flexibility of a modern monitor.
Unlike LCD or OLED panels, ePaper is easier on the eyes for long use, making it appealing for work and study. The B13 supports both wired and wireless connections. It can be connected to a laptop, desktop or mobile device using HDMI or USB-C, or it can mirror content wirelessly.
Different user modes
If you require a dual-screen experience, an optional stand allows the monitor to magnetically attach to a laptop, for a compact portable productivity setup.
The stand is adjustable, with a universal backplate designed to fit laptops between 13 and 17 inches. Auto gravity adaptation means the screen rotates automatically when repositioned.
With its 4:3 aspect ratio and 3200x2400 resolution, the monitor is built for reading documents, editing text and browsing the web.
It won't be of interest to people whose work depends on creative projects, advanced data visualization, or tasks requiring color-critical business displays, but professionals handling reports, contracts, and lengthy text documents may find it useful.
Color output is rated at 150 PPI while black and white reaches 300 PPI. At 660g and just 6mm at its thinnest point, the B13 remains lightweight and highly portable.
Different modes allow you to adjust performance depending on the task. Text mode sharpens words, web mode smooths scrolling, image mode boosts color richness and video mode improves motion handling.
If ghosting occurs, which is a possibility, the refresh button clears the screen instantly. A 30Hz refresh rate helps the panel handle video playback with greater clarity than older ePaper screens.
The B13 includes a front light that can be customized for brightness and warmth, ranging from cool white to warm yellow. This light can also be turned off entirely, depending on your needs.
The monitor has built-in dual speakers and a headphone jack for video calls or casual audio playback without extra equipment.
The Bigme B13 is positioned as an early adopter product and priced at $699, although you can save 15% off the price using coupon code B13SAVE.
- Samsung could be adding a more vivid camera filter in OneUI 8
- According to IceUniverse, the feature will force a watermark on your image
- There's no release date yet
Samsung’s camera app is set to get a new vivid filter, according to leaks, which showcase it producing more striking and vibrant images. The catch? It’ll force you to watermark your photo.
Photo filters are nothing new, but one feature you might not be taking advantage of is that Samsung’s camera app can pre-apply filters to your snap – helping you to better visualize the final product in the moment.
It recently updated the tool to tweak the existing filters and allow you to create a custom filter based on another photo, thanks to AI assistance.
IceUniverse on X, August 18, 2025: "BREAKING! For Samsung users, here's a major discovery! Yesterday, I mentioned that the next version of One UI 8 would introduce two "Chinese-style" photo watermarks. But it turns out there's more to it—Samsung has tied its new "Vivid" style to the watermark. Look, all my…" pic.twitter.com/zKx6jAgJc1
Another change is apparently set to launch with a OneUI 8 update in the future, according to tipster IceUniverse. The update will usher in a new, vivid photo filter profile, but it will also put a border around your snap in a so-called “Chinese-style photo watermark.”
The border makes the snap look a bit like a Polaroid, with a thick bar at the bottom carrying information such as the camera settings, date, and time the picture was taken, as well as a note saying it was taken on a Samsung Galaxy phone.
This kind of watermark is common on phones from Chinese brands like Xiaomi and OnePlus.
Some people think the extra information is handy; unfortunately, for me, I’m not in that boat. I believe the watermark comes across as a blatant hijacking of my photos for marketing.
So, as a Samsung Z Fold 7 user, I’ll be steering clear of the vivid filter if this update rolls out as expected. I say that because, as with all leaks, we don’t know how the software update will materialize until it launches.
I’ll also hope the other filters aren’t ruined by a watermark, but we’ll have to wait and see what Samsung delivers.