Frontiers

Generation of rule-based matrices with the matRiks package: a tutorial

Many authors have long been engaged in the automatic generation of test items or stimuli, recognizing their potential for improving test efficiency, scalability, and psychometric quality. Pioneering ...
IEEE

Interactive Cross-Language Pointer Analysis for Resolving Native Code in Java Programs

Abstract: Java offers the Java Native Interface (JNI), which allows programs running in the Java Virtual Machine to invoke and be manipulated by native applications and libraries written in other ...
Bleeping Computer

Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. OpenVSX and ...
IEEE

Comprehensive Evaluation of Static Analysis Tools for Their Performance in Finding ...

Abstract: Various static code analysis tools have been designed to automatically detect software faults and security vulnerabilities. This paper aims to 1) conduct an empirical evaluation to assess ...
Bleeping Computer

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...
TechRepublic

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week Your email has been sent An attack targeting the Node.js ecosystem was just identified ...
Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
TechSpot

Mystery packages with QR codes spark new wave of scams

WTF?! A new twist on package-related scams is drawing concern from federal authorities, as the FBI warns Americans to be vigilant when receiving unexpected parcels containing QR codes. According to a ...
KXTV

QR codes in mystery packages could steal your identity, officials warn

EL CAJON, Calif — A dangerous new twist on unwanted packages delivered to doorsteps is putting consumers at risk of identity theft. Fraudsters are enhancing their "brushing scam" tactics, now ...
Wired

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
thecyberexpress

LLMs Create a New Supply Chain Threat: Code Package Hallucinations

Code-generating large language models (LLMs) have introduced a new security issue into software development: Code package hallucinations. Package hallucinations occur when an LLM generates code that ...