The Hacker News

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

AI found 21 FFmpeg zero-days, some 20 years old; Chrome 149 patched 429 bugs, including 100+ critical/high flaws.
InfoWorld

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
newsbytesapp.com

Anthropic's Claude Mythos appears on Claude Code, finds 10,000 bugs

Anthropic's new AI, Claude Mythos, made a surprise appearance on Claude Code, just after the company said the model wouldn't be released to the general public anytime soon. Despite being under wraps, ...
Security Boulevard

Update Chrome now: Critical bugs could let attackers run code

The post Update Chrome now: Critical bugs could let attackers run code appeared first on Malwarebytes. Google has issued updates for the Chrome browser patching a number of high‑severity ...
theregister

Even Claude agrees: hole in its sandbox was real and dangerous

Two now-patched bypass bugs in Claude Code’s network sandbox put users at risk, and one of these allows baddies to send anything inside the sandbox - credentials, source code, other private data - to ...
IEEE

Refactoring ≠ Bug-Inducing: Improving Defect Prediction with Code Change Tactics Analysis

Abstract: Just-in-time defect prediction (JIT-DP) aims to predict the likelihood of code changes resulting in software defects at an early stage. Although code change metrics and semantic features ...
Ars Technica

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...
GitHub

Definition of Done as an executable barrier for Claude Code

LLM-driven coding assistants are wired to declare "done." The failure modes are everywhere: ...