Today's digest · Thursday, July 9

The 17 things in AI/dev today.

LiveNext issue at 7:00 CET
#1 / TODAY
The Hacker News·1 min·25h agoFREE

15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

A 15-year-old privilege escalation vulnerability named GhostLock has been discovered in the Linux kernel, affecting most Linux distributions. The flaw allows an attacker to gain root access and escape containers. It has existed for 15 years, making it a widespread and long-standing security issue.

GhostLock enables root access and container escape, compromising system security.

linuxkernelprivilege-escalationcontainer-escape
thehackernews.com
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
#2 / TOP STORY
The Hacker NewsFREE

New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

Researchers have identified a new attack called HalluSquatting that exploits AI coding assistants' tendency to hallucinate package names. Attackers can create malicious packages with names similar to those hallucinated by AI, potentially tricking developers into installing botnet malware. The attack could lead to widespread malware distribution through AI-assisted development workflows.

GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code
#3 / TOP STORY
The Hacker NewsFREE

GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code

A new study by researchers Abhishek Kumar and Carsten Maple found that GitHub Copilot, when using models like Claude and Gemini, refuses dangerous requests in its chat interface. However, the same harmful requests can be fulfilled if broken down into smaller, ordinary-looking steps inside a code editor. This behavior indicates a potential method to bypass safety mechanisms in AI coding assistants.

aigest · daily

Get this every morning.

One email. The signal. Built for builders.

Free · Unsubscribe in one click · No trackers

// Worth acting on4 stories
// Worth knowing10 stories

What's left for infrastructure-as-code after AI moves in?​​​​‌‍​‍​‍‌‍‌​‍‌‍‍‌‌‍‌‌‍‍‌‌‍‍​‍​‍​‍‍​‍​‍‌​‌‍​‌‌‍‍‌‍‍‌‌‌​‌‍‌​‍‍‌‍‍‌‌‍​‍​‍​‍​​‍​‍‌‍‍​‌​‍‌‍‌‌‌‍‌‍​‍​‍​‍‍​‍​‍‌‍‍​‌‌​‌‌​‌​​‌​​‍‍​‍​‍‌‍​‌‍‌‌​​‍‍‌​‌‌​‌‍​‌‌‍​‌‍‍‌‍‌‌‍‌‍‌‌‌​‍‌‍‌‍‌‍​‌‍‌‌​‍‍‌‍​‌‍​‍‌‍‍‌‌‍‍‌‌​‌‍‌‌‌‍‍‌‌​​‍‌‍‌‌‌‍‌​‌‍‍‌‌‌​​‍‌‍‌‌‍‌‍‌​‌‍‌‌​‌‌​​‌​‍‌‍‌‌‌​‌‍‌‌‌‍‍‌‌​‌‍​‌‌‌​‌‍‍‌‌‍‌‍‍​‍‌‍‍‌‌‍‌​​‌​‌‌‍‌‌‌‍​‍‌‍‌​​‌​‌‍‌‍‌​​​‍​‍‌‌‍​‌‍‌‌‌‍​‍‌‍​​‍‌​‌​‌‍​‍​‍​​‍​​‍‌​‍​​​‍‌‍‌‍​‍‌​‍‌​​‌‍‌​‌‍‌‍‌‍​‍​​‍‌‍​​‍​‌‍​‍‌‍​​‌‌‌‍​‌‍​‌​‍‌‌​‌‍‌‌​​‌‍‌‌​‌‌‍​‍‌‍​‌‍‌‍‌‌‌​​‌‍‌​‌‌​​‍‌​​‌‍​‌‌‌​‌‍‍​​‌‌‌​‌‍‍‌‌‌​‌‍​‌‍‌‌​‌‍​‍‌‍​‌‌​‌‍‌‌‌‌‌‌‌​‍‌‍​​‌‌‍‍​‌‌​‌‌​‌​​‌​​‍‌‌​​‌​​‌​‍‌‌​​‍‌​‌‍​‍‌‌​​‍‌​‌‍‌‍​‌‍‌‌​​‍‍‌​‌‌​‌‍​‌‌‍​‌‍‍‌‍‌‌‍‌‍‌‌‌​‍‌‍‌‍‌‍​‌‍‌‌​‍‍‌‍​‌‍​‍‌‍‌‍‍‌‌‍‌​​‌​‌‌‍‌‌‌‍​‍‌‍‌​​‌​‌‍‌‍‌​​​‍​‍‌‌‍​‌‍‌‌‌‍​‍‌‍​​‍‌​‌​‌‍​‍​‍​​‍​​‍‌​‍​​​‍‌‍‌‍​‍‌​‍‌​​‌‍‌​‌‍‌‍‌‍​‍​​‍‌‍​​‍​‌‍​‍‌‍​​‌‌‌‍​‌‍​‌​‍‌‍‌‌​‌‍‌‌​​‌‍‌‌​‌‌‍​‍‌‍​‌‍‌‍‌‌‌​​‌‍‌​‌‌​​‍‌‍‌​​‌‍​‌‌‌​‌‍‍​​‌‌‌​‌‍‍‌‌‌​‌‍​‌‍‌‌​‍‌‍‌​​‌‍‌‌‌​‍‌​‌​​‌‍‌‌‌‍​‌‌​‌‍‍‌‌‌‍‌‍‌‌​‌‌​​‌‌‌‌‍​‍‌‍​‌‍‍‌‌​‌‍‍​‌‍‌‌‌‍‌​​‍​‍‌‌

This discussion explores the future of infrastructure as code, a key developer practice, as AI takes on writing and deployment roles.

infrastructure-as-codeaidevopsibm
Stack Overflow Blog26h ago1mFREE

Mutation testing reveals hidden gaps in DAML test suites that traditional coverage metrics miss.

mutation-testingdamlmewttrail-of-bits
Trail of Bits20h ago1mFREE
// Yesterday11 stories