PyPI package installs cryptominer on Linux systems

A malicious PyPI package was used to install a Monero cryptominer on Linux systems.

The package in question, secretslib, was pushed to the official third-party software repo for Python on 6th August 2022. The package was described as “secrets matching and verification made easy”.

Sonatype’s automated malware detection system flagged secretslib as potentially malicious. Further analysis proved its suspicions to be correct.

“The package covertly runs...

Xcode 14 beta practically confirms iPhone 14 Pro will get an AOD

The latest beta of Xcode 14 all but confirms that an always-on display (AOD) will arrive with the iPhone 14 Pro lineup.

AODs have featured on numerous Android devices since around 2016. Over in the Apple garden, the only device to feature an AOD is the Apple Watch (Series 5+).

Rather than have to fully wake up your display to obsessively check for information, AODs enable data to be seen at-a-glance.

AODs require very low refresh rates to preserve battery. The...

Source code for Rust-based malware leaks on hacking forums

The source code for an info-stealing malware based on Rust has leaked on hacking forums.

Security analysts claim the malware is actively used in attacks and it appears to have a high antivirus evasion rate. VirusTotal returns a detection rate of around 22 percent.

The developer claims to have developed the malware in just six hours. Despite being based on Rust, the malware currently only targets Windows machines.

Cybersecurity firm Cyble analysed the malware...

Snowflake boosts native Python support and data access

Snowflake, the Data Cloud company, has unveiled new enhancements that improve programmability for data scientists, data engineers, and application developers.

The company announced the update this week at its annual user conference, Snowflake Summit 2022, in Las Vegas.

Snowflake’s latest innovations bring Python to the forefront, with the launch of Snowpark for Python, now in public preview, and a native integration with Streamlit for rapid application development and...

Xcode Cloud is now available to all developers

Apple has announced that Xcode Cloud is now available to all developers.

Xcode Cloud was first announced during WWDC 2021. Over the past year, it’s gradually been rolling out in beta to lucky developers.

A year (and a WWDC) later, Xcode Cloud is leaving beta.

Xcode Cloud is a continuous integration and delivery service that’s built into Xcode. The solution accelerates the development and delivery of apps by bringing together cloud-based tools that help...

80% of Spring framework downloads are exploitable versions

Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions.

Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE publication.

Spring4Shell allows unauthenticated remote code execution. This week, the US...

Spring4Shell vulnerability could have ‘a larger impact’ than Log4j

A newly-discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j.

Log4j made waves in recent months as the vulnerability in the popular open-source logging library enabled attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

However, attention is now shifting to the Spring4Shell exploit.

Spring4Shell is a zero-day remote code execution (RCE)...

Apps will soon need to be submitted to the App Store using Xcode 13

Apple has reminded developers that apps will soon need to be submitted to the App Store using Xcode 13.

From 25 April 2022, Apple will only accept the submission of apps that are built using the latest version of its IDE.

“iOS, iPadOS, and watchOS apps submitted to the App Store must be built with Xcode 13, which includes the SDKs for iOS 15, iPadOS 15, and watchOS 8,” wrote Apple on its developer site.

Apple goes on to tout how Xcode 13 enables developers...

These programming languages were most in-demand in 2021

Coding Dojo has released its annual review of the programming language skills most sought after from employers.

For its research, Coding Dojo scours jobs listing site Indeed. The company looks at what languages appear most in job descriptions and compares their prevalence with previous years to identify trends that could give you an advantage.

Python retained its lead in 2021 as the language which cropped up in the most (~70,500) job descriptions. Rounding out the top...

2022 Java Developer Productivity Report: Teams aren’t realising the promise of microservices

The latest edition of Perforce’s annual Java Developer Productivity Report highlights that teams aren’t realising the full promise of microservices and CI/CD.

Developers are often finding that microservices and CI/CD are decreasing their productivity rather than improving it.

Among CI/CD users, 42 percent of respondents report build completion times of over five minutes. The most common (33%) response was build times exceeding 10 minutes.

The highest...