Feed
All categories

Programming

1557 articles

Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor

Socket's Threat Research Team identified a malicious Go module published as github.com/shopsprint/decimal, a typosquat of the widely used github.com/shopspring/decimal arbitrary-precision arithmetic library. The typosquatted module has been present in the Go ecosystem since 2017-11-08 and was weaponized on 2023-08-19, when version v1.3.3 added a malicious init() function that opens a DNS TXT record command-and-control channel to a threat-actor-controlled subdomain on a free dynamic DNS provider.…

Socket
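The entry above describes two things a dependency reviewer can check for mechanically: a module path one edit away from a popular one, and an init() that resolves DNS TXT records at import time. The Go program below is an added example written for this page, not code from Socket or from either decimal module; the allow-list, the `go list -m all` output and the dependency source it scans are constructed, and the hostname in the sample source is a placeholder. It generalizes beyond the single case in the write-up: the edit-distance check flags any required module within two edits of an allow-listed path, and the AST scan reports any LookupTXT call (the net package function or the Resolver method) inside any init() in a file.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
)

// Constructed allow-list; in practice this is your approved-dependency inventory.
var knownModules = []string{"github.com/shopspring/decimal", "github.com/stretchr/testify"}

// Constructed `go list -m all` output: the typosquat next to legitimate modules.
const sampleModList = `example.com/app
github.com/shopsprint/decimal v1.3.3
github.com/stretchr/testify v1.8.4
golang.org/x/text v0.14.0`

// Constructed dependency source; the hostname is a placeholder, not the real C2.
const sampleSrc = `package decimal
import "net"
func init() { _ = 0 } // benign: no DNS call
func init() {
	if txt, err := net.LookupTXT("c2.example.invalid"); err == nil { _ = txt }
}`

// levenshtein is the edit distance between two module paths (ASCII by spec).
func levenshtein(a, b string) int {
	prev, cur := make([]int, len(b)+1), make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur[0] = i
		for j := 1; j <= len(b); j++ {
			cur[j] = prev[j-1] // match or substitution
			if a[i-1] != b[j-1] {
				cur[j]++
			}
			if prev[j]+1 < cur[j] { // deletion
				cur[j] = prev[j] + 1
			}
			if cur[j-1]+1 < cur[j] { // insertion
				cur[j] = cur[j-1] + 1
			}
		}
		prev, cur = cur, prev
	}
	return prev[len(b)]
}

// NearMisses maps each module path in `go list -m all` output that is within two
// edits of a known path, but not identical to it, to the path it imitates.
func NearMisses(modList string, known []string) map[string]string {
	hits := map[string]string{}
	for _, line := range strings.Split(modList, "\n") {
		fields := strings.Fields(line)
		if len(fields) == 0 {
			continue
		}
		for _, k := range known {
			if d := levenshtein(fields[0], k); d > 0 && d <= 2 {
				hits[fields[0]] = k
			}
		}
	}
	return hits
}

// SuspiciousInits reports each init() in src whose body calls a LookupTXT method.
func SuspiciousInits(src string) []string {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "dep.go", src, 0)
	if err != nil {
		return []string{"parse error: " + err.Error()}
	}
	var findings []string
	for _, d := range f.Decls {
		fn, ok := d.(*ast.FuncDecl)
		if !ok || fn.Recv != nil || fn.Name.Name != "init" || fn.Body == nil {
			continue
		}
		ast.Inspect(fn.Body, func(n ast.Node) bool {
			if call, ok := n.(*ast.CallExpr); ok {
				if sel, ok := call.Fun.(*ast.SelectorExpr); ok && sel.Sel.Name == "LookupTXT" {
					findings = append(findings, fmt.Sprintf("init() calls %s at line %d",
						types.ExprString(sel), fset.Position(call.Pos()).Line))
				}
			}
			return true
		})
	}
	return findings
}

func main() {
	fmt.Println(NearMisses(sampleModList, knownModules), SuspiciousInits(sampleSrc))
}
```

To run it over real inputs, feed the output of `go list -m all` to NearMisses and each source file from the module cache or vendor tree to SuspiciousInits. A hit is a prompt to inspect, not proof of compromise: some legitimate packages do DNS work at startup, and an edit-distance check will not catch a squat that adds or drops a whole path element.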
Active Supply Chain Attack Compromises @antv Packages on npm

Socket’s Threat Research team is investigating an active npm supply chain attack involving compromised packages in the @antv ecosystem. The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly downloads. Socket quickly detected the malicious publish wave and classified the affected versions as known malware. Socket’s internal review identified hundreds of unique packages. The…

Socket
The last six months in LLMs in five minutes

I put together these annotated slides from my five minute lightning talk at PyCon US 2026, using the latest iteration of my annotated presentation tool. I presented this lightning talk at PyCon US 2026, attempting to summarize the last six months of developments in LLMs in five minutes. Six months is a pretty convenient time period to cover, because it captures what I've been calling the November 2025 inflection point. November was a critical month in LLMs, especially for coding. For one…

Simon Willison's Weblog
Announcing the Ecosystem Security Team at The PHP Foundation

The core mission of the PHP Foundation is to ensure the long-term prosperity of the PHP language. Today, financial contributions from you or your company primarily fund developers working on the PHP language. In addition to sponsorships, the PHP Foundation uses grants to enable projects like last year's PHP Core Security Audit, funded by the Sovereign Tech Agency. In March, the Linux Foundation announced a grant with the goal of strengthening the security of the open source software ecosystem.…

The PHP Foundation
GDS weighs in on the NHS's decision to retreat from Open Source

Terence Eden continues his coverage of the NHS's poorly considered decision to close down access to their open source repositories in response to vulnerabilities reported to them as part of Project Glasswing. Now the Government Digital Service have joined the conversation with AI, open code and vulnerability risk in the public sector, published May 14th. Their key recommendation: Keep open by default. Making everything private…

Simon Willison's Weblog