Python packages caught using DLL sideloading to bypass security

ReversingLabs researchers have uncovered Python packages using DLL sideloading to bypass security tools.

On 10 January 2024, Karlo Zanki, a reverse engineer at ReversingLabs, stumbled upon two suspicious packages on the Python Package Index (PyPI). These packages – named NP6HelperHttptest and NP6HelperHttper – were found to be utilising DLL sideloading, a known technique used by malicious actors to execute code discreetly and evade detection by security tools.

This...

Asahi Linux’s OpenGL support leapfrogs Apple’s on M-chip Macs

The team behind the Asahi Linux project, which aims to support Linux on Apple Silicon Macs, has achieved a major milestone: its open-source graphics driver now fully supports up to OpenGL 4.6 and OpenGL ES 3.2, surpassing the OpenGL 4.1 support currently offered in macOS.

Asahi developer Alyssa Rosenzweig announced the new driver in a blog post, noting it had to pass "over 100,000 tests" to be deemed officially conformant with the OpenGL standards. This was achieved despite...

GitHub invites open-source AI developers to apply for Accelerator

GitHub has announced applications are now open for the next cohort of its Accelerator program, which provides funding, mentoring, and other benefits for early-stage open-source projects. There is a particular focus this year on developers building AI solutions.

Applications will be accepted on a rolling basis until 5 March 2024. Ten projects will be selected to participate in the 10-week program beginning 22 April 2024.

The 2024 GitHub Accelerator cohort focuses on the...

Open source wins concessions in new EU cyber law

The European Cyber Resilience Act (CRA) has undergone substantial revisions, bringing relief to the open-source community.

Back in April, the Python Software Foundation (PSF) had expressed concerns about potential repercussions for CPython and PyPI if the initial form of the CRA were to be enacted.

The primary worry was that, in the course of providing open-source software, the PSF and the Python community might assume legal responsibility for security issues in products...

AOUSD unveils roadmap towards OpenUSD standardisation

The Alliance for OpenUSD (AOUSD) has unveiled a roadmap outlining its journey towards establishing OpenUSD (Universal Scene Description) as an international standard.

AOUSD's two-year roadmap is a strategic plan to make OpenUSD an international standard for interoperability in describing 3D scenes and environments.

The Core Specification working group, a key component of this roadmap, will lay the foundation for OpenUSD by defining the structure and interpretation of...

Checkmarx uncovers persistent Python package threat

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain.

The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in, successfully garnered thousands of downloads. The malicious payload, embedded within the...

Google prepares Android for the RISC-V era

Google is bolstering its support for the RISC-V open instruction set architecture (ISA) in Android.

RISC-V – developed a decade ago at the University of California, Berkeley – has rapidly gained popularity in various spaces, from embedded systems to servers and mobile computing. Google's move towards integrating RISC-V into Android signals a new era of collaboration and innovation in the hardware ecosystem.

At the RISC-V Summit in 2022, Google revealed that it had...

Lightning AI becomes a PyTorch Foundation premier member

The PyTorch Foundation, a neutral hub facilitating collaboration within the deep learning community, has announced that Lightning AI has become a premier member.

Lightning AI is the driving force behind PyTorch Lightning, an open-source framework and platform empowering companies to construct and deploy cutting-edge AI products employing the latest generative AI models.

Luca Antiga, CTO of Lightning AI, expressed the importance of this collaboration:

“By...

Python Developers Survey: Python 2 clings on for certain use cases

A new survey from the Python Software Foundation has found that while Python 3 remains dominant both for work and play, usage of Python 2 crept up from the previous year.

The study, conducted in association with JetBrains, polled more than 23,000 Python developers and found 93% of respondents had already implemented Python 3, based on responses from the end of 2022. Yet this was down on the 95% cited from the previous year.

To find a reason why, there are a few small clues based...

Ruby on Rails creator deplores ‘open-source hooliganism’

Ruby on Rails creator David Heinemeier Hansson has expressed his concerns about what he called "open-source hooliganism."

Hansson recounted a recent incident involving the TypeScript community and their reaction to a decision made by the team behind Turbo.

Hansson began by acknowledging the passion that many developers have for their preferred programming languages and tools. He noted that the enthusiasm displayed by these individuals is a testament to their dedication...