Flux
Widespread GitHub Campaign Uses Fake VS Code Security Alerts to Deliver Malware
Cybersécurité Programmation

Widespread GitHub Campaign Uses Fake VS Code Security Alerts to Deliver Malware

A large-scale phishing campaign is targeting developers directly inside GitHub, using fake Visual Studio Code security alerts posted through Discussions to trick users into installing malicious software. Here's one example, saved to the Internet Archive, as we assume these will quickly be taken down: Early searches show thousands of nearly identical posts across repositories, indicating this is not an isolated incident but a coordinated spam campaign. Because GitHub Discussions trigger email…

Socket
LiteLLM Hack: Were You One of the 47,000?
IA Programmation

LiteLLM Hack: Were You One of the 47,000?

LiteLLM Hack: Were You One of the 47,000? Daniel Hnyk used the BigQuery PyPI dataset to determine how many downloads there were of the exploited LiteLLM packages during the 46 minute period they were live on PyPI. The answer was 46,996 across the two compromised release versions (1.82.7 and 1.82.8). They also identified 2,337 packages that depended on LiteLLM - 88% of which did not pin versions in a way that would have avoided the exploited version. Via @hnykda Tags: packaging, pypi, python,…

Simon Willison's Weblog
Spotting and Avoiding ROT in Your Agentic AI
IA

Spotting and Avoiding ROT in Your Agentic AI

The following article originally appeared on Q McCallum’s blog and is being republished here with the author’s permission. Generative AI agents and rogue traders pose similar insider threats to their employers. Specifically, we can expect companies to deploy agentic AI with broad reach and insufficient oversight. That creates the conditions for a particular flavor of […]

O'Reilly Radar — AI/ML
★ What's new in laravel-activitylog v5
Programmation Web

★ What's new in laravel-activitylog v5

We just released v5 of laravel-activitylog, our package for logging user activity and model events in Laravel. In Flare, Mailcoach, and Oh Dear we use it to build audit logs, so we can track what users are doing: who changed a setting, who deleted a project, who invited a team member. If you need something similar in your app, this package makes it easy. This major release requires PHP 8.4+ and Laravel 12+, and brings a cleaner API, a better database schema, and customizable internals. Let me…

Freek Van der Herten
Welcoming Matt Stauffer to The PHP Foundation Board
Programmation Web

Welcoming Matt Stauffer to The PHP Foundation Board

We are thrilled to announce that Matt Stauffer has agreed to join The PHP Foundation Board, where he will bring his decades of experience in the PHP ecosystem. Matt joins the Board as a community representative and was voted in by the existing Board members. Not only is Matt a Laravel expert, he has created / maintained dozens of PHP and JavaScript open source packages, he is a published author, and he hosts several successful industry podcasts. We are grateful for his insight, input, and…

The PHP Foundation
Auto mode for Claude Code
IA Programmation

Auto mode for Claude Code

Auto mode for Claude Code Really interesting new development in Claude Code today as an alternative to --dangerously-skip-permissions: Today, we're introducing auto mode, a new permissions mode in Claude Code where Claude makes permission decisions on your behalf, with safeguards monitoring actions before they run. Those safeguards appear to be implemented using Claude Sonnet 4.6, as described in the documentation: Before each action runs, a separate classifier model reviews the conversation…

Simon Willison's Weblog
Package Managers Need to Cool Down
IA Programmation

Package Managers Need to Cool Down

Package Managers Need to Cool Down Today's LiteLLM supply chain attack inspired me to revisit the idea of dependency cooldowns, the practice of only installing updated dependencies once they've been out in the wild for a few days to give the community a chance to spot if they've been subverted in some way. This recent piece (March 4th) piece by Andrew Nesbitt reviews the current state of dependency cooldown mechanisms across different packaging tools. It's surprisingly well supported! There's…

Simon Willison's Weblog
5 Malicious npm Packages Typosquat Solana and Ethereum Libraries to Steal Private Keys
Cybersécurité Programmation

5 Malicious npm Packages Typosquat Solana and Ethereum Libraries to Steal Private Keys

Socket's Threat Research Team identified five malicious npm packages published under the account galedonovan, all targeting cryptocurrency developers. Each package typosquats a legitimate crypto library and exfiltrates private keys to a single hardcoded Telegram bot. The campaign covers both the Solana and Ethereum ecosystems, and the C2 infrastructure was confirmed active as of March 23, 2026. One of the packages, base_xd, was published by the same account but was unpublished within five…

Socket
TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem
Cybersécurité Programmation

TeamPCP Is Systematically Targeting Security Tools Across the OSS Ecosystem

TeamPCP is escalating a coordinated campaign targeting security tools and open source developer infrastructure, and is now openly taking credit for multiple follow-on attacks across ecosystems. In recent Telegram posts, the group has claimed responsibility for expanding beyond the initial Trivy compromise, pointing to attacks on GitHub Actions, OpenVSX extensions, and now PyPI. The latest development includes attacks on Checkmarx' KICS scanner and OpenVSX extensions and a trojanized release of…

Socket