software development
Hundreds of AI-powered iOS apps found exposing credentials
Mobile app developers are packing AI features into everything from writing assistants to productivity tools and lifestyle apps. New research shows that securing access to …
Google sets timeline for Android developer verification enforcement
Android’s developer verification protections will take effect on September 30, 2026, starting with users in Brazil, Indonesia, Singapore, and Thailand. Developers distributing …
What’s new in Android 17? Anti-theft tools, scam detection, and parental controls
The Android 17 rollout has started for supported Pixel devices, delivering new security and privacy capabilities before expanding to other devices later this year. Security …
Software supply chains are heading for a transparency test
Software supply chain visibility is becoming part of product security work as the EU Cyber Resilience Act (CRA) moves toward application in December 2027. ENISA’s SBOM …
Claude now reviews and fixes vulnerabilities as you write code
Anthropic introduced a security-guidance plugin for Claude Code that reviews code changes for common vulnerabilities and helps Claude identify and fix issues during the same …
CVE Lite CLI: Open-source dependency vulnerability scanner
Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration …
Microsoft’s WinUI agent plugin trims token use by over 70% during development
Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX …
OpenAI’s Daybreak uses Codex Security to identify risky attack paths
OpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI …
HEIDI: Free IDE security plugin for open-source vulnerability checks
Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems …
Google is turning Android Studio into a policy watchdog
Google has expanded Play Policy Insights in Android Studio to help developers catch policy issues while coding, including warnings for common problems such as missing login …
Node.js 26 ships with Temporal API enabled by default
Developers managing JavaScript runtimes have a new major version to evaluate. Node.js 26.0.0 brings the long-awaited Temporal API to the platform alongside an updated V8 …
Can your coding style predict whether your code is vulnerable?
Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all …