Intel joins PyTorch Foundation as a ‘Premier’ member

Intel has become a ‘Premier’ member of the PyTorch Foundation in a move aimed at propelling the advancement of AI.

PyTorch is a popular open-source framework that accelerates AI application development and facilitates experimentation that can lead to creative breakthroughs in the field. The framework was originally developed by Meta AI and is now part of the Linux Foundation.

Intel's involvement with PyTorch dates back to 2018, with a clear vision to democratise AI...

Malicious PyPI package discovered in ongoing ‘PaperPin’ campaign

In a recent analysis conducted by Sonatype, a malicious Python Package Index (PyPI) package named 'VMConnect' was discovered masquerading as the legitimate VMware vSphere connector module 'vConnector'.

The counterfeit package was found to contain sinister code designed to compromise users' systems. Further investigation revealed an ongoing campaign involving additional packages like "ethter" and "quantiumbase," all sharing the same structure and payload.

The 'VMConnect'...

Sonatype uncovers further malicious PyPI and npm packages

Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries.

Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm "colors" library.

The malicious packages, including names such as "broke-rcl," "brokescolors," and "trexcolors," exclusively targeted the Windows operating system. Once installed, these packages would initiate the...

PyPI suspends new projects and users due to malicious activity

The PyPI (Python Package Index) team has temporarily suspended new projects and users on their platform due to malicious activity.

This surge in malicious activity aligns with a larger trend observed across several open-source registries in recent months. Notably, incidents such as the flood of malicious packages on the NPM JavaScript package manager and a similar attack on the Nuget package manager last year, involving over 140,000 malicious packages, have highlighted the...

PyPI will sell ‘Organization’ accounts to corporate projects

Python Packaging Index (PyPI) has announced the introduction of ‘Organization’ accounts, as the first step in its plan to build financial support and long-term sustainability.

Organizations on PyPI are self-managed teams with exclusive branded web addresses. PyPI aims to make its platform easier to use for large community projects, organisations, or companies that manage multiple sub-teams and packages.

Notably, community projects can access the new accounts for...

Copilot X heralds a new era of AI-powered coding

GitHub has unveiled Copilot X, an upgraded version of its AI-powered coding assistance tool.

Copilot X adopts OpenAI’s latest GPT-4 model and now features chat and voice interfaces, support for pull requests, command-line support, and can generate answer questions from documentation:

https://twitter.com/marktenenholtz/status/1638549603753795584

Unlike traditional coding assistance tools that rely on simple code templates or pre-defined snippets, Copilot X uses...

Go re-enters TIOBE’s top 10 programming languages

Programming language Go appears to be making a resurgence as it re-enters TIOBE’s top 10 list.

TIOBE creates its programming language popularity list using search data across 25 different engines. The methodology has been regularly criticised but suffices as a rough guide of the interest in each language.

Go was created by Google and often lingers just outside of the top 10 on the TIOBE Index. The language was last in the top 10 in July 2017.

In the March...

Clipper malware found in over 451 PyPI packages

Phylum security researchers have discovered over 451 packages on the Python Package Index (PyPI) that are infected with “clipper” malware.

Clippers replace the contents of a victim’s clipboard with something which benefits the attacker. The most prevalent clippers today look for cryptocurrency addresses and modify them to steal funds.

Starting on February 9th, Phylum was alerted by its automated risk detection platform to a long series of suspicious publications to...

The most in-demand programming languages for 2023

Coding Dojo has released its list of the most in-demand programming languages for this year.

The list uses the number of open full-time jobs to determine the skills that employers are desperately looking for.

Notably, the top three most in-demand languages have been shaken up. Likely driven by the demand for machine learning solutions, Python is now in the top spot.

Here are the top 10 programming languages by open full-time positions and their ranking change...

Malware campaign targets official Python and JavaScript repos

An active malware campaign is targeting official Python and JavaScript repositories.

Software supply chain security firm Phylum spotted the campaign. Phylum said that it discovered the campaign after noticing a flurry of activity around typosquats of the popular Python requests package.

Typosquats take advantage of simple typos to install malicious packages.

In this case, the PyPI typos include: dequests, fequests, gequests, rdquests, reauests, reduests,...