Flux
Beats now have notes

Last month I added a feature I call beats to this blog, pulling in some of my other content from external sources and including it on the homepage, search and various archive pages on the site. On any given day these frequently outnumber my regular posts. They were looking a little bit thin and were lacking any form of explanation beyond a link, so I've added the ability to annotate them with a "note" which now shows up as part of their display. Here's what that looks like for the content I…

Simon Willison's Weblog
Experimenting with Starlette 1.0 with Claude skills

Starlette 1.0 is out! This is a really big deal. I think Starlette may be the Python framework with the most usage compared to its relatively low brand recognition because Starlette is the foundation of FastAPI, which has attracted a huge amount of buzz that seems to have overshadowed Starlette itself. Kim Christie started working on Starlette in 2018 and it quickly became my favorite out of the new breed of Python ASGI frameworks. The only reason I didn't use it as the basis for my own…

Simon Willison's Weblog
Trivy Supply Chain Attack Expands to Compromised Docker Images

Socket's threat research team has identified additional compromised Trivy artifacts published to Docker Hub, following the recently disclosed GitHub Actions compromise affecting the aquasecurity/trivy-action repository. New image tags 0.69.5 and 0.69.6 were pushed on March 22 without corresponding GitHub releases or tags. Both images contain indicators of compromise associated with the same TeamPCP infostealer observed in earlier stages of this campaign. The latest tag currently points to…

Socket
CanisterWorm: npm Publisher Compromise Deploys Backdoor Across 29+ Packages

As of March 21, 2026, the CanisterWorm supply chain attack has expanded to 135 malicious package artifacts spanning more than 64 unique packages. We are tracking the incident on Socket’s dedicated CanisterWorm supply chain attack page: https://socket.dev/supply-chain-attacks/canisterworm. According to the Wiz investigation report released on March 20, 2026, the attack is attributed to “TeamPCP”, a threat actor behind the earlier Aqua Security's Trivy attacks [1 and 2]. We continue to monitor…

Socket
Beyond Code Review

Not that long ago, we were resigned to the idea that humans would need to inspect every line of AI-generated code. We’d do it personally, code reviews would always be part of a serious software practice, and the ability to read and review code would become an even more important part of a developer’s skillset. […]

O'Reilly Radar — AI/ML
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets

Update — March 22, 2026: Additional compromised Trivy artifacts have been identified in Docker Hub. New image tags (0.69.5 and 0.69.6), along with the previously identified 0.69.4, were found to contain the same infostealer payload, with latest pointing to a malicious image during the exposure window. Read our full update on the Docker image compromise here: https://socket.dev/blog/trivy-docker-images-compromised

A new supply chain attack targeting Trivy has been disclosed today by Paul…

Socket
MIRI Newsletter #125

The AI Doc: Buy tickets and spread the word! On Thursday, March 26th, a major new AI documentary is coming out: The AI Doc: Or How I Became an Apocaloptimist. Tickets are on sale now. The movie is excellent, and we generally believe it belongs in the same tier as If Anyone Builds It, Everyone […]

MIRI Blog
The PHP Podcast 2026.03.19

The PHP Podcast streams live, typically every Thursday at 3 PM PT. Come join us and subscribe to our YouTube channel. Another fun episode of the PHP Podcast! Here’s what we covered: 🎙️ Elizabeth Barron’s New Role – We discussed Elizabeth Barron’s appointment as Executive Director of the PHP Foundation and recommended checking out the […]

PHP Architect