Clipper malware found in over 451 PyPI packages

Phylum security researchers have discovered over 451 packages on the Python Package Index (PyPI) that are infected with “clipper” malware.

Clippers replace the contents of a victim’s clipboard with something which benefits the attacker. The most prevalent clippers today look for cryptocurrency addresses and modify them to steal funds.

Starting on February 9th, Phylum was alerted by its automated risk detection platform to a long series of suspicious publications to...

15 February 2023 | Hacking & Security

The most in-demand programming languages for 2023

Coding Dojo has released its list of the most in-demand programming languages for this year.

The list uses the number of open full-time jobs to determine the skills that employers are desperately looking for.

Notably, the top three most in-demand languages have been shaken up. Likely driven by the demand for machine learning solutions, Python is now in the top spot.

Here are the top 10 programming languages by open full-time positions and their ranking change...

8 February 2023 | Developer

Malware campaign targets official Python and JavaScript repos

An active malware campaign is targeting official Python and JavaScript repositories.

Software supply chain security firm Phylum spotted the campaign. Phylum said that it discovered the campaign after noticing a flurry of activity around typosquats of the popular Python requests package.

Typosquats take advantage of simple typos to install malicious packages.

In this case, the PyPI typos include: dequests, fequests, gequests, rdquests, reauests, reduests,...

13 December 2022 | Hacking & Security

TIOBE: C++ overtakes Java in programming language popularity

According to the latest TIOBE Index, C++ has overtaken Java in programming language popularity.

The TIOBE Index uses searches across 25 different engines to calculate the popularity of Turing-complete languages. The methodology used for the index has regularly been criticised but it suffices as a rough guide.

Java has been a mainstay in the top three programming languages since the TIOBE Index launched in 2001. However, that impressive streak came to an end this...

12 December 2022 | Java

PyPI maintainers warn of ongoing phishing attack

The maintainers of the Python Package Index (PyPI) have warned of an ongoing phishing attack targeting users.

“Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI,” wrote the maintainers in a tweet.

A phishing email is sent to users warning that PyPI is implementing a mandatory ‘validation’ process and that users must follow a link or risk their package being removed:

The...

25 August 2022 | Hacking & Security

PyPI package installs cryptominer on Linux systems

A malicious PyPI package was used to install a Monero cryptominer on Linux systems.

The package in question, secretslib, was pushed to the official third-party software repo for Python on 6th August 2022. The package was described as “secrets matching and verification made easy”.

Sonatype’s automated malware detection system flagged secretslib as potentially malicious. Further analysis proved its suspicions to be correct.

“The package covertly runs...

15 August 2022 | Hacking & Security

Snowflake boosts native python support and data access

A green tree python.

Snowflake, the Data Cloud company, has unveiled new enhancements that improve programmability for data scientists, data engineers, and application developers

The company announced the update this week at its annual user conference, Snowflake Summit 2022, in Las Vegas.

Snowflake’s latest innovations bring Python to the forefront, with the launch of Snowpark for Python, now in public preview, and a native integration with Streamlit for rapid application development and...

15 June 2022 | Developer

These programming languages were most in-demand in 2021

Coding Dojo has released its annual review of the programming language skills most sought after from employers.

For its research, Coding Dojo scours jobs listing site Indeed. The company looks at what languages appear most in job descriptions and compares their prevalence with previous years to identify trends that could give you an advantage.

Python retained its lead in 2021 as the language which cropped up in the most (~70,500) job descriptions. Rounding out the top...

8 March 2022 | Java

State of Software Security v12: Don’t become complacent, but we’ve come a long way

Veracode’s latest State of Software Security report highlights that applications are, on average, more secure than ever.

Getting the negatives out the way first, the report warns about the devastating “domino effect” that one vulnerability can have on software across the globe.

One clear example of this in action was the SolarWinds attack in which hackers inserted malicious code into the company’s Orion software. Every company and organisation using Orion was...

8 February 2022 | Developer

Déjà vu: Python wins TIOBE Programming Language of the Year

According to TIOBE, Python was the programming language that stole developers’ hearts in 2021.

It’s the second time in a row that Python has been crowned the TIOBE Programming Language of the Year.

Last month, TIOBE Software CEO Paul Jansen floated the possibility that C# may take the crown for the first time after posting the highest rating growth (+2.21%) in the top 20 of the TIOBE Index in December.

"It is interesting to note that C# has never won the...

4 January 2022 | Languages