Entry points threaten multiple open-source ecosystems

Sign illustrating how vulnerabilities with entry points can be exploited by hackers to threaten open-source packages of multiple programming ecosystems.

While current tools have improved at detecting common tactics for exploiting open-source packages, a feature remains largely overlooked: entry points.

Security researchers at Checkmarx uncovered how attackers can leverage entry points across multiple programming ecosystems, with a particular focus on PyPI, to trick victims into running malicious code. This method – while not allowing for immediate system compromise – offers a subtler approach for patient attackers to...

14 October 2024 | Developer

Safe Coding: Google’s strategy reduces memory safety vulnerabilities

Google logo illustrating its Safe Coding strategy to reduce memory safety vulnerabilities to improve security.

Google has unveiled compelling data highlighting the efficacy of its "Safe Coding" approach in reducing memory safety vulnerabilities.

The tech giant's strategy, which prioritises the use of memory-safe programming languages for new code development, has yielded impressive results. Most notably, Android has seen a sharp decline in memory safety vulnerabilities, plummeting from 76% of all vulnerabilities in 2019 to just 24% in 2024.

This reduction is particularly...

26 September 2024 | Android

Mozilla injects Rust into Thunderbird to boost performance

Mozilla has announced the release of Thunderbird 128, codenamed Nebula, which introduces significant improvements to the popular email client's codebase, stability, and overall user experience. The most notable change is the integration of Rust, a modern programming language originally created by Mozilla Research, into Thunderbird's core.

This integration marks a major leap forward for the open-source email client, as it promises to enhance code quality and performance. The...

15 July 2024 | Languages

SlashData: Rust sees fastest growth, JavaScript still dominates

According to SlashData's findings, the JavaScript community grew by an impressive four million users in the past 12 months, solidifying its status as the most widely-used programming language globally.

Here is a breakdown of the size of various programming language communities:

JavaScript: 25.2 million developers Python: 18.2 million developers Java: 17.7 million developers C++: 11.6 million developers C#: 10.2 million developers PHP: 9.8 million...

12 June 2024 | Developer

JetBrains launches 2024.1 with local AI code completion

JetBrains has released the 2024.1 updates for its IDEs with several major new features, headlined by full-line code autocompletion powered by local AI models.

The new full-line code completion functionality ensures code suggestions are processed entirely on the user's device, minimising latency and providing a seamless offline experience.

“We’ve developed models that run directly on your device, and the IDE verifies each suggestion,” explained Mikhail Kostyukov,...

4 April 2024 | Artificial Intelligence

State of Rust: Increasing global adoption supports positive outlook

The Rust Survey Working Group has reported impressive growth and increasing global adoption of the much-loved programming language.

The ‘State of Rust’ survey has been conducted for the past six years and provides valuable insights into the community's sentiments and preferences regarding Rust.

9,433 “Rustaceans” completed the most recent survey, an impressive 82 percent completion rate compared to 76 percent in the previous year. The increased engagement...

7 August 2023 | Languages

GitHub releases Blackbird code search engine

GitHub has released its reworked code search engine, Blackbird, which is built on Rust and promises faster and more comprehensive software repository exploration.

This revision, which has been in development for three years, is part of GitHub's efforts to enhance text-based search techniques for code queries.

With Blackbird, developers can quickly search, navigate, and comprehend their code, contextualize critical information and ultimately increase productivity. Colin...

10 May 2023 | Developer

Copilot X heralds a new era of AI-powered coding

GitHub has unveiled Copilot X, an upgraded version of its AI-powered coding assistance tool.

Copilot X adopts OpenAI’s latest GPT-4 model and now features chat and voice interfaces, support for pull requests, command-line support, and can generate answer questions from documentation:

https://twitter.com/marktenenholtz/status/1638549603753795584

Unlike traditional coding assistance tools that rely on simple code templates or pre-defined snippets, Copilot X uses...

24 March 2023 | Artificial Intelligence

Chromium will support third-party Rust libraries

Google has announced that it will allow third-party Rust libraries in its Chromium open-source browser project.

Chrome security team member Dana Jansens published a blog post on Thursday announcing the decision.

Jansens says that Google is now actively pursuing adding a production Rust toolchain to its build system.

“Our goal in bringing Rust into Chromium is to provide a simpler (no IPC) and safer (less complex C++ overall, no memory safety bugs in a sandbox...

13 January 2023 | Languages

Source code for Rust-based malware leaks on hacking forums

The source code for an info-stealing malware based on Rust has leaked on hacking forums.

Security analysts claim the malware is actively used in attacks and it appears to have a high antivirus evasion rate. VirusTotal returns a detection rate of around 22 percent.

The developer claims to have developed the malware in just six hours. Despite being based on Rust, the malware currently only targets Windows machines.

Cybersecurity firm Cyble analysed the malware...

26 July 2022 | Hacking & Security