Python packages caught using DLL sideloading to bypass security

ReversingLabs researchers have uncovered Python packages using DLL sideloading to bypass security tools.

On 10 January 2024, Karlo Zanki, a reverse engineer at ReversingLabs, stumbled upon two suspicious packages on the Python Package Index (PyPI). These packages – named NP6HelperHttptest and NP6HelperHttper – were found to be utilising DLL sideloading, a known technique used by malicious actors to execute code discreetly and evade detection from security tools.

This...

21 February 2024 | Hacking & Security

GitHub invites open-source AI developers to apply for Accelerator

GitHub has announced applications are now open for the next cohort of its Accelerator program, which provides funding, mentoring, and other benefits for early-stage open-source projects. There is a particular focus this year on developers building AI solutions.

Applications will be accepted on a rolling basis until 5 March 2024. Ten projects will be selected to participate in the 10-week program beginning 22 April 2024.

The 2024 GitHub Accelerator cohort focuses on the...

14 February 2024 | Artificial Intelligence

Open source wins concessions in new EU cyber law

The European Cyber Resilience Act (CRA) has undergone substantial revisions, bringing relief to the open-source community.

Back in April, the Python Software Foundation (PSF) had expressed concerns about potential repercussions for CPython and PyPI if the initial form of CRA were to be enacted.

The primary worry was that, in the course of providing open-source software, the PSF and the Python community might assume legal responsibility for security issues in products...

15 January 2024 | Open Source

Checkmarx uncovers persistent Python package threat

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain.

The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in, successfully garnered thousands of downloads. The malicious payload, embedded within the...

16 November 2023 | Developer

GitHub launches Innovation Graph for interactive development insights

GitHub has unveiled its Innovation Graph, an open data and insights platform for measuring and understanding the global impact of developers.

The ambitious initiative aims to address a longstanding challenge faced by policymakers and researchers: the lack of reliable and comprehensive data on trends in software development.

Understanding the Innovation Graph

The Innovation Graph is a repository of longitudinal metrics that track software development across economies...

22 September 2023 | Developer

Ruby on Rails creator deplores ‘open-source hooliganism’

Ruby on Rails creator David Heinemeier Hansson has expressed his concerns about what he called "open-source hooliganism."

Hansson recounted a recent incident involving the TypeScript community and their reaction to a decision made by the team behind Turbo.

Hansson began by acknowledging the passion that many developers have for their preferred programming languages and tools. He noted that the enthusiasm displayed by these individuals is a testament to their dedication...

8 September 2023 | Developer

Graphcore joins PyTorch Foundation as a general member

The PyTorch Foundation, a home for the deep learning community to collaborate on the open-source PyTorch framework and ecosystem, has announced that Graphcore is joining its ranks.

Graphcore – a Bristol, UK-based company specialising in designing and manufacturing AI accelerators, hardware, and software tailored for AI and machine learning workloads – has joined as a general member of the foundation.

PyTorch has long been a go-to framework for developers in the field...

7 September 2023 | Artificial Intelligence

Software Freedom Conservancy calls on FOSS contributors to ‘exit Zoom’

In the wake of the revelation that Zoom has been repurposing private user data to train machine learning models, the Software Freedom Conservancy (SFC) has taken a stand to emphasise the importance of Free and Open Source Software (FOSS) alternatives.

The SFC, an advocate for software rights and freedom, is extending its efforts to provide ethical technology choices and promote FOSS solutions for various needs.

The pandemic-driven shift towards digital technologies –...

16 August 2023 | Open Source

Sonatype uncovers further malicious PyPI and npm packages

Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries.

Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm "colors" library.

The malicious packages, including names such as "broke-rcl," "brokescolors," and "trexcolors," exclusively targeted the Windows operating system. Once installed, these packages would initiate the...

23 June 2023 | Developer

Google releases Flutter 3.7 and teases future improvements

Google held its Flutter Forward event this week where it announced version 3.7 of the framework and teased future improvements.

Flutter started life as a framework for developing Android and iOS apps. Over the years, it’s expanded to help developers build apps for not just mobile, but also desktop, web, and more, all from a single Dart codebase.

Google says Flutter has attracted five million developers and over 700,000 apps have been created using it. Based on GitHub...

26 January 2023 | Developer