Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
IEEE

Cross-Language Code Development with Generative AI: A Source-to-Source Translation Perspective

Abstract: Since the release of ChatGPT in November 2022, there is growing interest around the world on exploring the capabilities of generative AI tools. In addition to text, image, audio, and video ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...

ESLint 10.0: New features for JavaScript code analysis in major release

The linter designed for JavaScript brings several changes, including new options for the RuleTester API and an update in handling JSX references.
IEEE

CODE-SMASH: Source-Code Vulnerability Detection Using Siamese and Multi-Level Neural Architecture

Abstract: The rapid evolution of software development, propelled by competitive demands and the continuous integration of new features, frequently leads to inadvertent security oversights. Traditional ...