Flux
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Cybersécurité Programmation

TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware

Socket has identified a supply chain attack affecting the telnyx Python package on PyPI. The telnyx library is the official Python SDK for the Telnyx communications platform, providing developers with programmatic access to APIs for voice calls, SMS/MMS messaging, WhatsApp, fax, IoT connectivity, and SIP trunking. It is commonly used in backend systems to integrate real-time communications and telephony into applications. Because the library is used to authenticate and send requests directly to…

Socket
Community Corner Podcast: Nginx and You with Chris Lemon
Programmation Web

Community Corner Podcast: Nginx and You with Chris Lemon

In this episode, Scott talks with Chris Lemon about why us “normal” non-devops developers need to know about Nginx. We also discuss his talk at https://phptek.io/ (tickets still available). Links: Our Discord – https://discord.gg/aMTxunVx Buy our shirts – https://store.phparch.com/products/community-corner-podcast-t-shirt Chris’s Links: LinkedIn – https://linkedin.com/in/clemon89 GPUG – https://www.meetup.com/_gpug_/ Scott’s Links: Website – https://scott.keck-warren.com/ Bluesky – […] The post…

PHP Architect
We Rewrote JSONata with AI in a Day, Saved $500K/Year
IA Programmation

We Rewrote JSONata with AI in a Day, Saved $500K/Year

We Rewrote JSONata with AI in a Day, Saved $500K/Year Bit of a hyperbolic framing but this looks like another case study of vibe porting, this time spinning up a new custom Go implementation of the JSONata JSON expression language - similar in focus to jq, and heavily associated with the Node-RED platform. As with other vibe-porting projects the key enabling factor was JSONata's existing test suite, which helped build the first working Go version in 7 hours and $400 of token spend. The Reco…

Simon Willison's Weblog
The PHP Podcast 2026.03.26
Programmation Web

The PHP Podcast 2026.03.26

The PHP Podcast streams live, typically every Thursday at 3 PM PT. Come join us and subscribe to our YouTube channel. Another fun episode of the PHP Podcast! Here’s what we covered: 🏟️ php[tek] 2026 – 54 Days Away! The countdown is on! May 19th in Chicago. Ticket sales are progressing well, better than in […] The post The PHP Podcast 2026.03.26 appeared first on PHP Architect.

PHP Architect
My minute-by-minute response to the LiteLLM malware attack
IA Programmation

My minute-by-minute response to the LiteLLM malware attack

My minute-by-minute response to the LiteLLM malware attack Callum McMahon reported the LiteLLM malware attack to PyPI. Here he shares the Claude transcripts he used to help him confirm the vulnerability and decide what to do about it. Claude even suggested the PyPI security contact address after confirming the malicious code in a Docker container: Confirmed. Fresh download from PyPI right now in an isolated Docker container: Inspecting: litellm-1.82.8-py3-none-any.whl FOUND: litellm_init.pth…

Simon Willison's Weblog
TeamPCP Partners With Ransomware Group Vect to Target Open Source Supply Chains
Cybersécurité Programmation

TeamPCP Partners With Ransomware Group Vect to Target Open Source Supply Chains

The ongoing attacks targeting Trivy, LiteLLM, and other open source security tools are entering a new phase, with claims that TeamPCP has partnered with the Vect ransomware group to leverage supply chain compromises for ransomware operations. Posts attributed to Vect on BreachForums announced a partnership with TeamPCP, the actors behind recent cross-ecosystem supply chain attacks involving GitHub Actions, OpenVSX extensions, Docker images, and npm and PyPI packages: Vect Ransomware Group is…

Socket
Quantization from the ground up
IA Programmation

Quantization from the ground up

Quantization from the ground up Sam Rose continues his streak of publishing spectacularly informative interactive essays, this time explaining how quantization of Large Language Models works (which he says might be "the best post I've ever made".) Also included is the best visual explanation I've ever seen of how floating point numbers are represented using binary digits. I hadn't heard about outlier values in quantization - rare float values that exist outside of the normal tiny-value…

Simon Willison's Weblog
Thoughts on slowing the fuck down
IA Programmation

Thoughts on slowing the fuck down

Thoughts on slowing the fuck down Mario Zechner created the Pi agent framework used by OpenClaw, giving considerable credibility to his opinions on current trends in agentic engineering. He's not impressed: We have basically given up all discipline and agency for a sort of addiction, where your highest goal is to produce the largest amount of code in the shortest amount of time. Consequences be damned. Agents and humans both make mistakes, but agent mistakes accumulate much faster: A human is a…

Simon Willison's Weblog
datasette-llm 0.1a1
IA Programmation

datasette-llm 0.1a1

Release: datasette-llm 0.1a1 New release of the base plugin that makes models from LLM available for use by other Datasette plugins such as datasette-enrichments-llm. New register_llm_purposes() plugin hook and get_purposes() function for retrieving registered purpose strings. #1 One of the responsibilities of this plugin is to configure which models are used for which purposes, so you can say in one place "data enrichment uses GPT-5.4-nano but SQL query assistance happens using Sonnet 4.6",…

Simon Willison's Weblog