TIOBE: C++ overtakes Java in programming language popularity

According to the latest TIOBE Index, C++ has overtaken Java in programming language popularity.

The TIOBE Index uses searches across 25 different engines to calculate the popularity of Turing-complete languages. The methodology used for the index has regularly been criticised but it suffices as a rough guide.

Java has been a mainstay in the top three programming languages since the TIOBE Index launched in 2001. However, that impressive streak came to an end this...

Syntax error breaks KmsdBot cryptomining botnet

A syntax error broke an otherwise advanced cryptomining botnet called KmsdBot.

The malware, which could also be used for distributed denial-of-service (DDoS) attacks, was discovered by Akamai Security Research.

Akamai’s researchers witnessed the authors “accidentally crash” KmsdBot, observing that the malware stopped sending attack commands after receiving:

!bigdata www.bitcoin.com443 / 30 3 3 100 

The lack of a space between the website and the...

PyPI maintainers warn of ongoing phishing attack

The maintainers of the Python Package Index (PyPI) have warned of an ongoing phishing attack targeting users.

“Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI,” wrote the maintainers in a tweet.

A phishing email is sent to users warning that PyPI is implementing a mandatory ‘validation’ process and that users must follow a link or risk their package being removed:

The...

InAppBrowser tool reveals hidden JavaScript injections

A tool created by developer Felix Krause reveals hidden JavaScript injections through in-app browsers.

In-app browsers offer a convenient way for developers to let users browse specific websites without leaving their apps. However, they can be used to invade users’ privacy.

A JavaScript injection can be used via an in-app browser to collect data about users including their taps on a webpage, keyboard inputs, and more.

Armed with this data, a “digital...

PyPI package installs cryptominer on Linux systems

A malicious PyPI package was used to install a Monero cryptominer on Linux systems.

The package in question, secretslib, was pushed to the official third-party software repo for Python on 6th August 2022. The package was described as “secrets matching and verification made easy”.

Sonatype’s automated malware detection system flagged secretslib as potentially malicious. Further analysis proved its suspicions to be correct.

“The package covertly runs...

Xcode 14 beta practically confirms iPhone 14 Pro will get an AOD

The latest beta of Xcode 14 all but confirms that an always-on display (AOD) will arrive with the iPhone 14 Pro lineup.

AODs have featured on numerous Android devices since around 2016. Over in the Apple garden, the only device to feature an AOD is the Apple Watch (Series 5+).

Rather than having to fully wake up your display to obsessively check for information, AODs enable data to be seen at a glance.

AODs require very low refresh rates to preserve battery. The...

Source code for Rust-based malware leaks on hacking forums

The source code for an info-stealing malware based on Rust has leaked on hacking forums.

Security analysts claim the malware is actively used in attacks and it appears to have a high antivirus evasion rate. VirusTotal returns a detection rate of around 22 percent.

The developer claims to have developed the malware in just six hours. Despite being based on Rust, the malware currently only targets Windows machines.

Cybersecurity firm Cyble analysed the malware...

Snowflake boosts native Python support and data access

Snowflake, the Data Cloud company, has unveiled new enhancements that improve programmability for data scientists, data engineers, and application developers.

The company announced the update this week at its annual user conference, Snowflake Summit 2022, in Las Vegas.

Snowflake’s latest innovations bring Python to the forefront, with the launch of Snowpark for Python, now in public preview, and a native integration with Streamlit for rapid application development and...

Xcode Cloud is now available to all developers

Apple has announced that Xcode Cloud is now available to all developers.

Xcode Cloud was first announced during WWDC 2021. Over the past year, it’s gradually been rolling out in beta to lucky developers.

A year (and a WWDC) later, Xcode Cloud is leaving beta.

Xcode Cloud is a continuous integration and delivery service that’s built into Xcode. The solution accelerates the development and delivery of apps by bringing together cloud-based tools that help...

80% of Spring framework downloads are exploitable versions

Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions.

Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE publication.

Spring4Shell allows unauthenticated remote code execution. This week, the US...