Simon Willison's blog offers a mix of technical tutorials, data analysis projects, and reflections on technology and society. With a focus on Python, SQL, and web development, Simon shares insights into building web applications, working with data, and exploring emerging technologies. Developers can learn about data visualization, API design, and software engineering best practices, gaining inspiration and practical knowledge to advance their careers.

Simon Willison

The Axios team published a postmortem on a recent supply chain attack that injected malware into a release. The attack involved a highly targeted social engineering campaign against a maintainer: attackers cloned a real company's identity, created a convincing Slack workspace, scheduled a Microsoft Teams meeting, and tricked the maintainer into installing a Remote Access Trojan (RAT) disguised as a required software update. The RAT stole credentials used to publish the malicious package. The incident highlights how sophisticated and personalized these attacks have become, and serves as a warning for all open source maintainers.

The Axios supply chain attack used individually targeted social engineering