python Archives - Developer Tech News

Entry points threaten multiple open-source ecosystems

Ryan Daws — Mon, 14 Oct 2024 13:58:48 +0000

While current tools have improved at detecting common tactics for exploiting open-source packages, a feature remains largely overlooked: entry points. Security researchers at Checkmarx uncovered how attackers can leverage entry points across multiple programming ecosystems, with a particular focus on PyPI, to trick victims into running malicious code. This method – while not allowing for... Read more »

The post Entry points threaten multiple open-source ecosystems appeared first on Developer Tech News.

SQL, Python, and Java most sought-after skills

Ryan Daws — Mon, 19 Aug 2024 13:05:59 +0000

SQL, Python, and Java remain the most sought-after programming skills by employers, according to new research from System Design School. The study analysed job listings on Glassdoor, revealing the languages most frequently cited as required skills. “In today’s competitive job market, having the right skills is more important than ever, and this data provides clear... Read more »

The post SQL, Python, and Java most sought-after skills appeared first on Developer Tech News.

Sonatype exposes malicious PyPI package ‘pytoileur’

Ryan Daws — Wed, 29 May 2024 15:19:27 +0000

Sonatype has exposed ‘pytoileur’, a malicious PyPI package designed to download and install trojanised Windows binaries capable of surveillance, commandeering persistence, and stealing cryptocurrency. This discovery is part of a broader, months-long “Cool package” campaign aimed at infiltrating the coding community. Yesterday, an automated malware detection system operated by Sonatype, known as the Sonatype Repository... Read more »

The post Sonatype exposes malicious PyPI package ‘pytoileur’ appeared first on Developer Tech News.

Phylum uncovers targeted malware disguised in Python package

Ryan Daws — Mon, 13 May 2024 12:11:15 +0000

Phylum’s cybersecurity experts have detected a malicious payload embedded within a popular Python package on the PyPI repository. The package, named requests-darwin-lite, is an unauthorised variant of the widely-used requests library. The requests-darwin-lite package was cleverly designed to emulate its legitimate counterpart but included a Go binary concealed within an oversized image file pretending to... Read more »

The post Phylum uncovers targeted malware disguised in Python package appeared first on Developer Tech News.

GitHub updates Innovation Graph with latest developer trends

Ryan Daws — Wed, 10 Apr 2024 11:35:16 +0000

GitHub’s Innovation Graph has been updated with data from Q4 2023, offering a comprehensive view of global developer activity over the past four years. The latest findings highlight the increasing popularity of AI among developers, leading to a rise in project documentation. This trend is attributed to the widespread use of chat-based generative AI tools... Read more »

The post GitHub updates Innovation Graph with latest developer trends appeared first on Developer Tech News.

JetBrains launches 2024.1 with local AI code completion

Ryan Daws — Thu, 04 Apr 2024 10:01:33 +0000

JetBrains has released the 2024.1 updates for its IDEs with several major new features, headlined by full-line code autocompletion powered by local AI models. The new full-line code completion functionality ensures code suggestions are processed entirely on the user’s device, minimising latency and providing a seamless offline experience. “We’ve developed models that run directly on... Read more »

The post JetBrains launches 2024.1 with local AI code completion appeared first on Developer Tech News.

Python skills ‘increasingly essential’ to dev teams venturing into advanced AI

James Bourne — Wed, 03 Apr 2024 14:09:15 +0000

Python’s status as the primary language for AI and machine learning projects, from its extensive data-handling capabilities to its flexibility and portability, is well-founded. Just how well-founded can be seen in new user data from Snowflake. The cloud data provider reported that, year on year, use of Python grew 571% in Snowpark, Snowflake’s set of... Read more »

The post Python skills ‘increasingly essential’ to dev teams venturing into advanced AI appeared first on Developer Tech News.

PyPI suspends registrations amid malware attack

Ryan Daws — Thu, 28 Mar 2024 12:52:52 +0000

The Python Package Index (PyPI) has suspended new project creation and user registration to mitigate an ongoing malware upload campaign. This move comes as security researchers at Checkmarx uncovered a campaign involving multiple malicious packages related to the same threat actors. The attackers are targeting victims through typosquatting attacks, tricking users into installing malicious Python... Read more »

The post PyPI suspends registrations amid malware attack appeared first on Developer Tech News.

GitHub’s code scanning autofix enters public beta

Ryan Daws — Wed, 20 Mar 2024 16:58:27 +0000

GitHub has announced that its code scanning autofix feature, powered by GitHub Copilot and CodeQL, is now available in public beta for all GitHub Advanced Security customers. The autofix tool aims to remediate over two-thirds of vulnerabilities found during code scanning with minimal editing required by developers. “Our vision for application security is an environment... Read more »

The post GitHub’s code scanning autofix enters public beta appeared first on Developer Tech News.

Python packages caught using DLL sideloading to bypass security

Ryan Daws — Wed, 21 Feb 2024 11:55:04 +0000

ReversingLabs researchers have uncovered Python packages using DLL sideloading to bypass security tools. On 10 January 2024, Karlo Zanki, a reverse engineer at ReversingLabs, stumbled upon two suspicious packages on the Python Package Index (PyPI). These packages – named NP6HelperHttptest and NP6HelperHttper – were found to be utilising DLL sideloading, a known technique used by... Read more »

The post Python packages caught using DLL sideloading to bypass security appeared first on Developer Tech News.