Security News

The developers of the PHP scripting language have shared an update on the recently disclosed breach in which attackers planted malicious code. Php.net server and it was apparently designed to allow an attacker to remotely execute arbitrary PHP code.

KODA advising CTO John Suit discusses the skills and languages that are important for developers who want to build software and systems for modern robots.

Even back in the early days, WebView was problematic because, with a JavaScript bridge enabled, a webpage viewed in WebView could execute code as the WebView application itself. There's the app itself, there are the Android subsystems, there are the apps that depend on WebView, there are the developers who might make use of JavaScript, which then depends on a third-party server that may or may not use SSL properly.

New episode - watch now!

CTO.ai announced the launch of its serverless Kubernetes platform that makes it easy for developers to deploy and manage their cloud native applications. This powerful, yet easy-to-use, platform makes product delivery teams more efficient and eliminates the complexity experienced by developers when applications are deployed on top of a self-managed Kubernetes cluster.

DFRobot Gravity series is a set of professional open-source hardware modules. Till now, the Gravity series has been used by more than 1 million developers worldwide and used in a broad range of applications, like AI, environmental monitoring, IoT, smart homes, etc.

Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed "XcodeSpy," the trojanized Xcode project is a tainted version of a legitimate, open-source project available on GitHub called TabBarInteraction that's used by developers to animate iOS tab bars based on user interaction.

"We recently became aware of a trojanized Xcode project in the wild targeting iOS developers thanks to a tip from an anonymous researcher. The malicious project is a doctored version of a legitimate, open-source project available on GitHub," SentinelOne researchers have warned. The trojanized Xcode project in question is TabBarInteraction, which offers iOS developers features for animating the iOS Tab Bar based on user interaction - though the researchers have been quick to note that the code in the Github project is currently clean, and that the developer is not implicated in any way with the malware operation.

Taliware announced that its identity-management software developer toolkit is now available. By integrating the Taliware SDK with their applications, mobile app developers can use Taliware's patented Biombeat to access ECG-based biometric verification, to enable passwordless, location-based authentication.

Cybercriminals are targeting Apple developers with a trojanized Xcode project, which once launched installs a backdoor that has spying and data exfiltration capabilities. Xcode is comprised of a suite of free, open software development tools developed by Apple for creating software for macOS, iOS, iPadOS, watchOS and tvOS. Thus, any apps built on top of the project automatically include the malicious code.