Sonatype uncovers further malicious PyPI and npm packages

Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries.

Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm "colors" library.

The malicious packages, including names such as "broke-rcl," "brokescolors," and "trexcolors," exclusively targeted the Windows operating system. Once installed, these packages would initiate the...

PyPI suspends new projects and users due to malicious activity

The PyPI (Python Package Index) team has temporarily suspended new projects and users on their platform due to malicious activity.

This surge in malicious activity aligns with a larger trend observed across several open-source registries in recent months. Notably, incidents such as the flood of malicious packages on the npm JavaScript package manager and a similar attack on the NuGet package manager last year, involving over 140,000 malicious packages, have highlighted the...

OpenAI threatens GPT4Free project with lawsuit

OpenAI has reportedly sent a letter to a European computer science student who runs the GPT4Free project on GitHub, demanding that he take the project down within five days or face a lawsuit.

GPT4Free provides free access to the GPT4 and GPT3.5 models by funnelling the queries through sites like You.com, Quora, and CoCalc, and giving back the answers.

All of the sites GPT4Free uses pay OpenAI fees to use its large language models, and the scripts mean that those sites...

GSMA’s Open Gateway aims to give developers universal operator network access

The GSMA has announced the launch of GSMA Open Gateway, a framework of universal network APIs to provide universal access to operator networks for developers – with names including Microsoft and Amazon Web Services (AWS) on board.

The industry body has traditionally pursued the interests of telcos and mobile operators, and continues to do so here, with 21 mobile network operators on board for the initial push. Yet the GSMA is keen to stress that the ‘whole mobile ecosystem...

Google releases Flutter 3.7 and teases future improvements

Google held its Flutter Forward event this week where it announced version 3.7 of the framework and teased future improvements.

Flutter started life as a framework for developing Android and iOS apps. Over the years, it’s expanded to help developers build apps for not just mobile, but also desktop, web, and more, all from a single Dart codebase.

Google says Flutter has attracted five million developers and over 700,000 apps have been created using it. Based on GitHub...

GitHub is ending Sponsors payments via PayPal

GitHub has announced that it’s ending the ability for Sponsors to make payments via PayPal.

In a statement, GitHub wrote:

“Starting on February 23, 2023, GitHub Sponsors will no longer support PayPal as a payments processor. As such, it will no longer be possible to sponsor individuals or organizations using PayPal.

If you are sponsoring anyone on GitHub using PayPal, please update your GitHub payment method to pay by credit or debit...

Linux Foundation launches Open Metaverse Foundation

The nonprofit Linux Foundation has launched the Open Metaverse Foundation (OMF) to promote an open metaverse.

Current participating organisations of the OMF include the Cloud Native Computing Foundation, Futurewei, GenXP, Hyperledger Foundation, LF AI, LF Edge & Networking, Open Voice Network, Open Wallet, and Veriken.

When discussing the metaverse, it’s important to consider the history of the web.

The original vision for the web was a decentralised...

Chromium will support third-party Rust libraries

Google has announced that it will allow third-party Rust libraries in its Chromium open-source browser project.

Chrome security team member Dana Jansens published a blog post on Thursday announcing the decision.

Jansens says that Google is now actively pursuing adding a production Rust toolchain to its build system.

“Our goal in bringing Rust into Chromium is to provide a simpler (no IPC) and safer (less complex C++ overall, no memory safety bugs in a sandbox...

Visual Studio Marketplace is the latest supply chain attack vector

Aqua Security researchers have found that hackers are using Visual Studio Marketplace to conduct supply chain attacks.

In a new report, the researchers uncovered that attackers could impersonate popular VS Code extensions to trick developers into downloading malicious versions.

VS Code is the most popular IDE, with around 74.48 percent of developers using it. The vast array of extensions available for VS Code is partly what drives its popularity.

Here are some...

Malware campaign targets official Python and JavaScript repos

An active malware campaign is targeting official Python and JavaScript repositories.

Software supply chain security firm Phylum spotted the campaign. Phylum said that it discovered the campaign after noticing a flurry of activity around typosquats of the popular Python requests package.

Typosquats rely on developers mistyping a package name: the misspelled name resolves to an attacker-published package, so a simple typo installs malicious code.

In this case, the PyPI typos include: dequests, fequests, gequests, rdquests, reauests, reduests,...