Entry points threaten multiple open-source ecosystems

While current tools have improved at detecting common tactics for exploiting open-source packages, a feature remains largely overlooked: entry points.

Security researchers at Checkmarx uncovered how attackers can leverage entry points across multiple programming ecosystems, with a particular focus on PyPI, to trick victims into running malicious code. This method – while not allowing for immediate system compromise – offers a subtler approach for patient attackers to...

Safe Coding: Google’s strategy reduces memory safety vulnerabilities

Google has unveiled compelling data highlighting the efficacy of its "Safe Coding" approach in reducing memory safety vulnerabilities.

The tech giant's strategy, which prioritises the use of memory-safe programming languages for new code development, has yielded impressive results. Most notably, Android has seen a sharp decline in memory safety vulnerabilities, plummeting from 76% of all vulnerabilities in 2019 to just 24% in 2024.

This reduction is particularly...

Mozilla injects Rust into Thunderbird to boost performance

Mozilla has announced the release of Thunderbird 128, codenamed Nebula, which introduces significant improvements to the popular email client's codebase, stability, and overall user experience. The most notable change is the integration of Rust, a modern programming language originally created by Mozilla Research, into Thunderbird's core.

This integration marks a major leap forward for the open-source email client, as it promises to enhance code quality and performance. The...

SlashData: Rust sees fastest growth, JavaScript still dominates

According to SlashData's findings, the JavaScript community grew by an impressive four million users in the past 12 months, solidifying its status as the most widely-used programming language globally.

Here is a breakdown of the size of various programming language communities:

JavaScript: 25.2 million developers
Python: 18.2 million developers
Java: 17.7 million developers
C++: 11.6 million developers
C#: 10.2 million developers
PHP: 9.8 million...

JetBrains launches 2024.1 with local AI code completion

JetBrains has released the 2024.1 updates for its IDEs with several major new features, headlined by full-line code autocompletion powered by local AI models.

The new full-line code completion functionality ensures code suggestions are processed entirely on the user's device, minimising latency and providing a seamless offline experience.

“We’ve developed models that run directly on your device, and the IDE verifies each suggestion,” explained Mikhail Kostyukov,...

GitHub releases Blackbird code search engine

GitHub has released its reworked code search engine, Blackbird, which is built on Rust and promises faster and more comprehensive software repository exploration.

This revision, which has been in development for three years, is part of GitHub's efforts to enhance text-based search techniques for code queries.

With Blackbird, developers can quickly search, navigate, and comprehend their code, contextualize critical information and ultimately increase productivity. Colin...

Chromium will support third-party Rust libraries

Google has announced that it will allow third-party Rust libraries in its Chromium open-source browser project.

Chrome security team member Dana Jansens published a blog post on Thursday announcing the decision.

Jansens says that Google is now actively pursuing adding a production Rust toolchain to its build system.

“Our goal in bringing Rust into Chromium is to provide a simpler (no IPC) and safer (less complex C++ overall, no memory safety bugs in a sandbox...

Source code for Rust-based malware leaks on hacking forums

The source code for an info-stealing malware based on Rust has leaked on hacking forums.

Security analysts claim the malware is actively used in attacks and it appears to have a high antivirus evasion rate. VirusTotal returns a detection rate of around 22 percent.

The developer claims to have developed the malware in just six hours. Despite being based on Rust, the malware currently only targets Windows machines.

Cybersecurity firm Cyble analysed the malware...

Rust vulnerability enables attackers to delete files and directories

Maintainers of the Rust programming language have warned of a critical vulnerability that enables attackers to delete files and directories.

In a security advisory, the Rust Security Response Working Group wrote:

“The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363).

An attacker could use this security issue to trick a privileged program into...

2021 Stack Overflow Survey: React.js takes the web framework crown, Python is in-demand, and devs still love Rust

The 2021 edition of Stack Overflow’s developer survey features both substantial changes in the landscape and elements that have remained stubbornly resilient.

In a blog post, Stack Overflow’s Ben Popper and David Gibson wrote:

“This year’s survey was a little different than ones in years past. We opened our 2020 survey in February, and by the time we got around to publishing the results, the reality of work and daily life had shifted dramatically for people...