Ilkka Turunen

Ilkka serves as Field CTO at Sonatype. He is a software engineer with a knack for rapid web-development and cloud computing and with technical experience on multiple levels of the XaaS cake. Ilkka is interested in anything and everything, always striving to learn any relevant skills that help towards building Sonatype for success.

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

11 minute read time

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility shipped in many Linux distributions such as Fedora and Debian. Understand its impact, potential risks

Secure Software Development Attestation Form: Sonatype helps you comply

6 minute read time

The CISA Secure Software Development Attestation Form sets cybersecurity standards for US Federal agency software purchases. Learn how Sonatype helps you comply with SSDF guidelines.

Struts2 CVE-2023-50164 by the numbers

By Ilkka Turunen on December 19, 2023 vulnerability disclosure

5 minute read time

The Struts2 security vulnerability is not like Log4j, but it is similar to historic breaches and has the potential for disaster if not addressed properly.

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

By Ilkka Turunen on December 14, 2023 vulnerabilities

3 minute read time

Sonatype covers how Ledger, a maker of hardware wallets for storing crypto, identified malicious software embedded in one of their open source packages.

PyTorch namespace (dependency) confusion attack

By Ilkka Turunen on January 04, 2023 News

4 minute read time

During the 2022 holiday season, a dependency confusion attack targeted PyTorch. Here's what users of PyTorch-NightlyBuild need to know.

A new OpenSSL vulnerability is coming - Get ready to patch

By Ilkka Turunen on October 26, 2022 News

3 minute read time

On Tuesday, 1 November, between 1 and 5 pm UTC, a new version of the widely adopted OpenSSL 3.x series will be released for general consumption.

Weaponizing open source through job recruiting

By Ilkka Turunen on October 03, 2022 News

7 minute read time

There have been troubling new reports of threat actors weaponizing open source to target employee machines at technology companies, governments, and more.

Spring4Shell – By the numbers

By Ilkka Turunen on April 04, 2022 component vulnerability

6 minute read time

Spring4Shell, a new 0-day RCE, is not quite as bad as Log4shell but has a wide blast radius. We dive into the numbers on how the world is fixing the issue.

New Spring Framework RCE vulnerability confirmed - What to do?

7 minute read time

A new remote code execution flaw dubbed Springshell is affecting Spring-beans, exploiting a previously unknown security vulnerability.