Malicious PyPI package discovered in ongoing ‘PaperPin’ campaign

In a recent analysis conducted by Sonatype, a malicious Python Package Index (PyPI) package named 'VMConnect' was discovered masquerading as the legitimate VMware vSphere connector module 'vConnector'.

The counterfeit package was found to contain sinister code designed to compromise users' systems. Further investigation revealed an ongoing campaign involving additional packages like "ethter" and "quantiumbase," all sharing the same structure and payload.

The 'VMConnect'...

Sonatype uncovers further malicious PyPI and npm packages

Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries.

Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm "colors" library.

The malicious packages, including names such as "broke-rcl," "brokescolors," and "trexcolors," exclusively targeted the Windows operating system. Once installed, these packages would initiate the...

Apple opens ‘Activities’ sign-ups for WWDC 2023

Apple has opened sign-ups for ‘Activities’ which enable remote developers to actively participate in this year’s Worldwide Developers Conference (WWDC) festivities. 

Apple introduced WWDC Digital Lounges in 2021, providing developers with the opportunity to engage in online discussions with Apple engineers and designers. This year, the experience returns for WWDC23, renamed simply as Activities.

Developers can now register on the Apple Developer website to...

PyPI suspends new projects and users due to malicious activity

The PyPI (Python Package Index) team has temporarily suspended new projects and users on their platform due to malicious activity.

This surge in malicious activity aligns with a larger trend observed across several open-source registries in recent months. Notably, incidents such as the flood of malicious packages on the npm JavaScript package manager and a similar attack on the NuGet package manager last year, involving over 140,000 malicious packages, have highlighted the...

GitHub releases Blackbird code search engine

GitHub has released its reworked code search engine, Blackbird, which is built on Rust and promises faster and more comprehensive software repository exploration.

This revision, which has been in development for three years, is part of GitHub's efforts to enhance text-based search techniques for code queries.

With Blackbird, developers can quickly search, navigate, and comprehend their code, contextualize critical information and ultimately increase productivity. Colin...

PyPI will sell ‘Organization’ accounts to corporate projects

The Python Package Index (PyPI) has announced the introduction of ‘Organization’ accounts as the first step in its plan to build financial support and long-term sustainability.

Organizations on PyPI are self-managed teams with exclusive branded web addresses. PyPI aims to make its platform easier to use for large community projects, organisations, or companies that manage multiple sub-teams and packages.

Notably, community projects can access the new accounts for...

Apple releases Xcode 14.3 with all the latest SDKs

Apple has released Xcode 14.3 to developers, which includes the latest SDKs for iOS 16.4, iPadOS 16.4, tvOS 16.4, watchOS 9.4, and macOS Ventura 13.3.

Xcode enables developers to create apps for Apple platforms such as iOS, macOS, and watchOS. This update allows developers to create apps that are fully compatible with the latest operating systems from Apple.

Apple recently warned that developers will be required to use Xcode 14.1 or later to build and submit their apps...

TypeScript 5: A look at the major changes

In this article, we’ll take a look at some of the major changes in TypeScript 5.

TypeScript 5 was released earlier this month. The latest version features numerous improvements to make the language smaller, simpler, and faster.

Here are the biggest changes in the latest release:

Variadic tuple types

Variadic tuple types allow developers to define tuple types with a variable number of elements. 

In previous versions of TypeScript, the number...

Copilot X heralds a new era of AI-powered coding

GitHub has unveiled Copilot X, an upgraded version of its AI-powered coding assistance tool.

Copilot X adopts OpenAI’s latest GPT-4 model and now features chat and voice interfaces, support for pull requests, command-line support, and can generate answers to questions from documentation:

https://twitter.com/marktenenholtz/status/1638549603753795584

Unlike traditional coding assistance tools that rely on simple code templates or pre-defined snippets, Copilot X uses...

Go re-enters TIOBE’s top 10 programming languages

Programming language Go appears to be making a resurgence as it re-enters TIOBE’s top 10 list.

TIOBE creates its programming language popularity list using search data across 25 different engines. The methodology has been regularly criticised but suffices as a rough guide of the interest in each language.

Go was created by Google and often lingers just outside of the top 10 on the TIOBE Index. The language was last in the top 10 in July 2017.

In the March...