The Hacker News

Which Code Vulnerabilities Actually Get Fixed? New Code Security Data from 50,000+ Repos

Authentication Failures (A07) show the largest gap in the dataset: a 48-percentage-point difference between leaders and the field. Leaders fix at nearly 60%, while the field sits at roughly 12%.

CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog

CISA set a deadline of April 11 for federal civilian executive branch agencies to mitigate their environments. Ivanti first ...
InfoWorld

Open source code libraries suffer from vulnerabilities

A recent study found that more than a third of 1,261 open source libraries had a known vulnerability and about a quarter of the downloads were tainted A study of how 31 popular open source code ...

Update now! Chrome security vulnerability is being attacked

Google has released an update for Chrome. It patches 21 security vulnerabilities. Attacks are targeting a code smuggling ...
InfoWorld

GitHub rolls out AI-powered fixes for code vulnerabilities

Copilot Autofix, a new addition to the GitHub Advanced Security service, analyzes vulnerabilities in code and offers code suggestions to help developers fix them. GitHub has unveiled Copilot Autofix, ...
CSOonline

Telnet vulnerability opens door to remote code execution as root

A critical Telnet vulnerability with a CVSS rating of 9.8 enables attackers to take full control of affected systems before authentication even kicks in, security researchers at Dream Security have ...
Infosecurity-magazine.com

Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code

Vibe coding tools like Anthropic's Claude Code are flooding software with new vulnerabilities, Georgia Tech researchers have warned. At least 35 new common vulnerabilities and exposures (CVE) entries ...
CSO Online

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

This month’s threat landscape is ‘defined by immediate, real-world exploitation rather than just theoretical vulnerabilities, ...