Flux
CanisterWorm: npm Publisher Compromise Deploys Backdoor Across 29+ Packages

As of March 21, 2026, the CanisterWorm supply chain attack has expanded to 135 malicious package artifacts spanning more than 64 unique packages. We are tracking the incident on Socket’s dedicated CanisterWorm supply chain attack page: https://socket.dev/supply-chain-attacks/canisterworm. According to the Wiz investigation report released on March 20, 2026, the attack is attributed to “TeamPCP”, a threat actor behind the earlier attacks on Aqua Security's Trivy [1 and 2]. We continue to monitor…

Socket
Beyond Code Review

Not that long ago, we were resigned to the idea that humans would need to inspect every line of AI-generated code. We’d do it personally, code reviews would always be part of a serious software practice, and the ability to read and review code would become an even more important part of a developer’s skillset. […]

O'Reilly Radar — AI/ML
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets

Update — March 22, 2026: Additional compromised Trivy artifacts have been identified in Docker Hub. New image tags (0.69.5 and 0.69.6), along with the previously identified 0.69.4, were found to contain the same infostealer payload, with latest pointing to a malicious image during the exposure window. Read our full update on the Docker image compromise here: https://socket.dev/blog/trivy-docker-images-compromised

A new supply chain attack targeting Trivy has been disclosed today by Paul…

Socket
MIRI Newsletter #125

The AI Doc: Buy tickets and spread the word! On Thursday, March 26th, a major new AI documentary is coming out: The AI Doc: Or How I Became an Apocaloptimist. Tickets are on sale now. The movie is excellent, and we generally believe it belongs in the same tier as If Anyone Builds It, Everyone […]

MIRI Blog
The PHP Podcast 2026.03.19

The PHP Podcast streams live, typically every Thursday at 3 PM PT. Come join us and subscribe to our YouTube channel. Another fun episode of the PHP Podcast! Here’s what we covered: 🎙️ Elizabeth Barron’s New Role – We discussed Elizabeth Barron’s appointment as Executive Director of the PHP Foundation and recommended checking out the […]

PHP Architect
PHP Alive And Kicking: Episode 26 Elizabeth Barron

This episode of PHP Alive and Kicking, hosted by Mike and Chris (from PHP Architect), features guest Elizabeth Barron, the newly appointed Executive Director of the PHP Foundation. The conversation covers Elizabeth’s origin story in PHP (self-teaching in the late 1990s), her vision for the Foundation beyond just funding core developers […]

PHP Architect
Summary: Mechanisms to Verify International Agreements about AI Development

If world leaders agree to halt or limit AI development, they will need to verify that other nations are keeping their commitments. To this end, it helps to know where AI chips are, how they’re used, and what the AIs trained on them can do. In this post, we informally summarize “Mechanisms to Verify International […]

MIRI Blog