GitHub enables secret scanning push protection by default

In response to the alarming trend of API keys, tokens, and other confidential data being inadvertently exposed, GitHub has taken further steps to fortify its platform against potential breaches.

Within the first two months of 2024, GitHub has uncovered one million leaked secrets across public repositories, averaging over a dozen incidents per minute. Such alarming figures underscore the pressing need for robust safeguards to protect users and their data.

Since August...

GitHub suffers from over 100K infected repos

Developers face a major security threat as over 100,000 repositories on GitHub are infected with malicious code.

This resurgence of a malicious repo confusion campaign – detected by Apiiro’s security researchers – has impacted countless developers who unwittingly use repositories they believe to be trusted but are, in fact, compromised.

Similar to dependency confusion attacks – which exploit package managers – repo confusion attacks rely on human error,...

White House urges adoption of memory-safe programming languages

The White House Office of the National Cyber Director (ONCD) has released a new report today urging the technology industry to take steps to reduce vulnerabilities in software that leave digital systems open to cyberattacks.

The report, titled "Back to the Building Blocks: A Path Toward Secure and Measurable Software," emphasises the importance of technology manufacturers adopting memory-safe programming languages to prevent entire classes of vulnerabilities from entering the...

Python packages caught using DLL sideloading to bypass security

ReversingLabs researchers have uncovered Python packages using DLL sideloading to bypass security tools.

On 10 January 2024, Karlo Zanki, a reverse engineer at ReversingLabs, stumbled upon two suspicious packages on the Python Package Index (PyPI). These packages – named NP6HelperHttptest and NP6HelperHttper – were found to be utilising DLL sideloading, a known technique used by malicious actors to execute code discreetly and evade detection by security tools.

This...

Google experiments with AI-generated ‘App Highlights’ in Play Store

Google's quest to integrate AI across its products and services continues as the tech giant now turns to using it to enhance the Play Store experience. According to reports, Google is experimenting with using AI to generate information for the App Highlights section in the Play Store.

An update shared on social media by code sleuth @AssembleDebug has revealed that when users tap on an app in the Play Store, they may now see information about the app's features and...

Google releases Android 15 developer preview

Google has unveiled the initial developer preview of Android 15, showcasing a range of new features aimed at enhancing user privacy, refining advertising experiences, and improving overall device performance.

Dave Burke, Google's Vice President of Engineering, says a core focus was on advancing user privacy while maintaining personalised advertising capabilities through the latest version of Privacy Sandbox on Android. This addition aims to strike a balance between protecting user...

Apple is killing web apps in the EU

Apple is ending support for progressive web apps (PWAs) for iPhone users within the EU, stirring concern among developers and users alike. This decision comes as a definitive blow to the accessibility and functionality of web-based applications on Apple devices.

The move to discontinue web app support has been apparent in each iteration of the iOS 17.4 beta, with users experiencing persistent issues. However, Apple has now clarified that this is deliberate.

In an update...

Asahi Linux’s OpenGL support leapfrogs Apple’s on M-chip Macs

The team behind the Asahi Linux project, which aims to support Linux on Apple Silicon Macs, has achieved a major milestone: its open-source graphics driver now fully supports up to OpenGL 4.6 and OpenGL ES 3.2, surpassing the OpenGL 4.1 support currently offered in macOS.

Asahi developer Alyssa Rosenzweig announced the new driver in a blog post, noting it had to pass "over 100,000 tests" to be deemed officially conformant with the OpenGL standards. This was achieved despite...

GitHub invites open-source AI developers to apply for Accelerator

GitHub has announced applications are now open for the next cohort of its Accelerator program, which provides funding, mentoring, and other benefits for early-stage open-source projects. There is a particular focus this year on developers building AI solutions.

Applications will be accepted on a rolling basis until 5 March 2024. Ten projects will be selected to participate in the 10-week program beginning 22 April 2024.

The 2024 GitHub Accelerator cohort focuses on the...

MongoDB launches Atlas Stream Processing preview

MongoDB has announced the public preview launch of Atlas Stream Processing, allowing any developer on Atlas to access the new stream processing capability. 

The introduction of Atlas Stream Processing aims to revolutionise the handling of high-velocity event data, providing developers with enhanced agility and efficiency in managing data streams.

Unveiled at .local NYC 2023, Atlas Stream Processing promises to redefine the landscape of stream data aggregation and...