NPM supply chain attack uses Ethereum blockchain

Photo of a chain illustrating the discovery of a malware campaign that takes advantage of the npm packages ecosystem for a software supply chain attack and uses the Ethereum blockchain for resilience against cyber security detection and mitigation strategies.

Checkmarx researchers have detected a unique supply chain attack within the NPM ecosystem that uses the Ethereum blockchain.

The malicious package, dubbed "jest-fet-mock," targets developers with a multi-platform malware employing Ethereum smart contracts for command-and-control (C2) operations. This marks a convergence of blockchain technology with traditional attack vectors—a method not yet observed in NPM packages. 

Attack mechanics and distribution

The...

4 November 2024 | Blockchain

EMERALDWHALE exploits vulnerable Git configuration files

A whale made of emerald illustrating the discovery of the EMERALDWHALE campaign by cyber security researchers that exploits Git configuration files and has leaked over 15,000 credentials.

Sysdig’s Threat Research Team (TRT) has uncovered a global operation known as EMERALDWHALE, which has stolen over 15,000 cloud service credentials by exploiting exposed Git configuration files.

EMERALDWHALE utilised multiple private tools to exploit several misconfigured web services, resulting in the theft of credentials from more than 10,000 private repositories.

Though the operation's primary targets appeared to be cloud service and email providers, the ultimate aim...

1 November 2024 | Developer

GitHub Copilot now supports multiple LLMs

Picture of a person with a digital brain with multiple coloured waves illustrating the GitHub Copilot AI software development assistant gaining accessing to multiple new LLMs (large language models)

GitHub is bringing more flexibility and choice to Copilot through the integration of multiple large language models (LLMs).

Since its inception, GitHub Copilot has utilised different LLMs for varied uses. The journey began with the deployment of Codex, an early iteration of OpenAI's GPT-3, that was fine-tuned specifically for coding tasks. The evolution continued with the launch of Copilot Chat in 2023, initially using GPT-3.5 and subsequently transitioning to GPT-4. As demands...

30 October 2024 | Artificial Intelligence

GitHub Copilot users gain access to Stack Overflow knowledge

Smartphone with glasses and a book illustrating the launch of a Stack Overflow extension for the GitHub Copilot AI assistant for developers, enabling users to access the vast knowledge platform to find solutions for software development problems.

Stack Overflow has launched an extension for GitHub Copilot that promises to improve how developers find solutions. The extension allows users to pose questions directly within the AI-driven coding assistant and receive summarised responses informed by Stack Overflow's extensive knowledge base.

GitHub and Stack Overflow’s partnership aims to aid developers in tackling their most challenging coding queries. The latest Stack Overflow Developer Survey reveals that 61% of developers...

29 October 2024 | Artificial Intelligence

Web framework Svelte delivers ‘most significant release’ yet

Svelte logo as the team releases Svelte 5 of the web development framework that brings native TypeScript support in addition to existing languages like HTML, CSS, and JavaScript, plus a rank of new features and improvements for developers.

Svelte 5 has been released, marking what the team behind the web framework describes as the “most significant release in the project's history" and follows 18 months of intensive development.

The latest iteration of the web framework arrives as a ground-up rewrite, promising improved performance, reduced bundle sizes, and enhanced reliability. Despite these substantial changes, the framework maintains near-complete backwards compatibility with Svelte 4, ensuring a seamless...

25 October 2024 | Developer

JetBrains launches AI model for software development tasks

Image of a brain illustrating the launch of the new Mellum LLM by JetBrains that enhances its AI assistant for developers that specialises in software development tasks.

JetBrains has announced the launch of Mellum, its own AI model specifically engineered for software development tasks.

Mellum has been integrated exclusively into JetBrains’ AI Assistant, reporting dramatic improvements in both speed and accuracy of code completions compared to previous implementations.

Unlike more extensive language models, Mellum has been purposefully designed with a smaller footprint to deliver near-instantaneous coding suggestions. The model...

23 October 2024 | Artificial Intelligence

Holistic’s open-source tools counter AI development risks

Woman punching illustrating the launch of Holistic AI open-source tools to counter artificial intelligence software development risks and algorithmic bias.

Holistic has unveiled an open-source library to help counter AI development risks and build fairer and more responsible systems.

The library – dubbed Holistic AI OSL – arrives at a crucial moment when organisations are increasingly deploying AI systems across sensitive domains including recruitment, healthcare, and financial services. Recent studies suggest that 65% of AI researchers and developers still consider bias a significant challenge in their work.

Holistic...

23 October 2024 | Artificial Intelligence

Android’s CameraX library gets dual camera functionality boost

A person wearing two cameras to illustrate Google updating the CameraX library for Android mobile developers with improved dual camera functionality.

Android developers are set to benefit from an update to the CameraX library that improves its Dual Concurrent Camera feature. The enhancement, introduced in the 1.5.0-alpha01 release, simplifies the implementation of simultaneous streaming from two different cameras.

Donovan McMurray, Developer Relations Engineer at Google, wrote in a blog post: "CameraX will now handle the composition of the two camera streams as well."

This expanded functionality builds upon the...

18 October 2024 | Android

Unity 6 launches amid ongoing effort to rebuild trust

Person holding a gaming controller to illustrate the launch of the Unity 6 game development platform.

Unity 6 has launched and is being touted as the most stable and high-performing version of the game development platform to date.

Matt Bromberg, President and CEO of Unity, revealed the launch in a blog post, emphasising the company's commitment to developer-centric improvements and long-term support.

Bromberg, who recently took the helm from John Riccitiello amid numerous controversies, including the widely-criticised (and since-cancelled) Runtime Fee, is steering the...

17 October 2024 | Developer

Zscaler highlights security trends challenging developers

Pile of keys illustrating the security trends and challenges posed to developers highlighted in Zscaler ThreatLabz's latest cybersecurity report for 2024.

Zscaler has released its annual ThreatLabz report, highlighting security challenges that should be on every developer's radar.

The 2024 Mobile, IoT, and OT Threat Report – covering June 2023 to May 2024 – highlights critical vulnerabilities in mobile applications, IoT devices, and operational technology (OT) systems that demand immediate attention from the development community.

One of the most alarming findings is the discovery of over 200 infected applications in...

15 October 2024 | Android