Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Why was an engineer allowed to access critical keys from a home computer? "DevOops."
Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development
Researcher Eaton Zveare discloses massive back door in Toyota web app exploiting a JsonWebToken used for authentication
The Log4Shell vulnerability is considered to be one of the most significant software bugs in recent years, because of its severity, pervasiveness and long-lasting impact on organizations.
Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!
...
Alphabet’s DeepMind brings us AlphaCode — another AI code-generating parlor trick. And, just like its large language model cousins, it can spit out buggy code.
Conversational AI language model ChatGPT can write code. But is it any good?
A rash of small businesses on Facebook found their accounts locked after being hacked. And it’s impossible to contact Meta to get the problem fixed.
GitOps can help control configuration drift and enable your infrastructure security to shift left, for starters. Here are four ways it can enable better software security.
Within the space of a few days, both Google and Apple have suffered huge legal challenges.
Dropbox was hacked last month. The company has now revealed more details — and there are some big surprises.
Once again, Microsoft is under fire for shipping a service that can easily be misused for DDoS attacks.