Checkmarx uncovers persistent Python package threat

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain.

The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in, successfully garnered thousands of downloads. The malicious payload, embedded within the...

Google Play introduces policies to boost app quality

Google Play has announced a series of initiatives aimed at bolstering the platform's overall experience and steer users away from low-quality applications.

Verification requirements update

Earlier this year, Google Play introduced an expanded set of verification requirements for all developers, a move to empower users to make informed choices, combat malware, and reduce fraud. The company has now provided details on how developers with existing accounts can comply with these...

AI coding assistants: A double-edged sword for DevOps in 2024

A growing reliance on AI-powered coding assistants is reshaping how DevOps teams operate, for better or worse.

According to Forrester's 2024 cybersecurity, risk, and privacy predictions, AI coding assistants are becoming integral to boosting productivity. However, a cautionary note accompanies this technological shift, as Forrester warns of potential pitfalls that could lead to cybersecurity breaches.

Forrester predicts that the combination of inconsistent compliance and...

Wallarm highlights disturbing trends in API security threats

Wallarm has released its Q3 2023 API ThreatStats report which sheds light on the escalating threats targeting APIs and revealing vulnerabilities that have impacted industry giants such as Netflix, VMware, and SAP.

The report's revamped ‘Top 10 API Security Threats’ compilation outlines 239 vulnerabilities discovered during the quarter, with injections taking the lead.

Injections involve inserting malicious data or code into APIs, leading to unauthorised access and...

Xbox and Inworld AI forge game-changing alliance

Xbox has unveiled a partnership with Inworld AI aimed at transforming game development using AI-powered tools.

In a blog post, Haiyan Zhang, General Manager of Gaming AI at Xbox, reflected on the evolution of gaming AI from the days of Ms Pac-Man to the present. Zhang highlighted the transformative potential of modern AI in creating living worlds, dynamic narratives, and intricate characters.

While traditional rule-based AI set the foundation, the integration of Large...

Google scraps controversial Web Environment Integrity API

Google has officially scrapped its controversial Web Environment Integrity API proposal, which was likened to digital rights management (DRM) for the open web.

The API, which was at the proposal stage, aimed to allow websites to verify the authenticity of users and their devices or browsers.

Google's intentions behind this initiative were to enhance user trust in online environments and combat issues such as social media manipulation, phishing campaigns, non-human...

SAP empowers developers with generative AI capabilities

During its TechEd event, SAP made a series of announcements aimed at empowering developers with generative AI capabilities.

Juergen Mueller, CTO and member of the Executive Board of SAP, stressed the importance of adapting to the evolving technology and business environment.

"Today’s dynamic landscape demands every developer to be an AI developer," Mueller affirmed. "The innovations we’re launching at SAP TechEd provide developers with the resources they need to...

Google prepares Android for the RISC-V era

Google is bolstering its support for the RISC-V open instruction set architecture (ISA) in Android.

RISC-V – developed a decade ago at the University of California, Berkeley – has rapidly gained popularity in various spaces, from embedded systems to servers and mobile computing. Google's move towards integrating RISC-V into Android signals a new era of collaboration and innovation in the hardware ecosystem.

At the RISC-V Summit in 2022, Google revealed that it had...

State of Java: Resilience amid licensing changes and security concerns

Azul has unveiled its first annual State of Java Survey & Report, which offers a deep exploration of the Java landscape.

The study – based on responses from over 2,000 Java users worldwide – aims to provide unparalleled insights into Java's current standing, particularly its influence on enterprises of various sizes.

Java's ubiquity and vital role

The report underscores Java's pervasive presence, with a staggering 98 percent of businesses surveyed utilising...

Apple introduces new metrics in Push Notifications Console

Apple’s latest announcement for developers promises deeper insights into the performance of push notifications for their apps.

The new feature, added to the Push Notifications Console, was initially introduced at the Worldwide Developers Conference (WWDC) in June. The feature is now rolling out to offer developers a more comprehensive view of their push notification delivery metrics.

The upgraded Push Notifications Console now incorporates detailed metrics for...