NVD overload: Unveiling a hidden crisis in vulnerability management

By Aaron Linskens on March 15, 2024 | vulnerabilities

5 minute read time

Learn about a critical yet underreported issue in the National Vulnerability Database (NVD) that could have global impact for cybersecurity infrastructure

npm packages spread 'Bladeroid' crypto-stealer, hijack your Instagram

By Ax Sharma on February 29, 2024 | vulnerabilities

4 minute read time

Sonatype has identified multiple open source packages that infect npm developers with a Windows info-stealer and crypto-stealer called Bladeroid.

Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

By Ax Sharma on February 05, 2024 | vulnerability

5 minute read time

It might be a little-known fact that one of the high severity zero-days found in Ivanti devices is actually present in an open source component that the company has deployed in its products. Ivanti's

npm flooded with 748 packages that store movies

By Ax Sharma on January 25, 2024 | vulnerabilities

4 minute read time

The Sonatype Security Research team came across 748 packages flooding the npm software registry.

Fake 'distube-config' npm package drops Windows info-stealing malware

By Ax Sharma on January 24, 2024 | vulnerabilities

3 minute read time

Sonatype identified two npm packages that typosquat open source packages such as Discord modules, in an attempt to infect Windows users with a Trojan.

What is the OWASP Top 10?

By Aaron Linskens on January 12, 2024 | vulnerabilities

7 minute read time

Discover the significance of OWASP in cybersecurity: what OWASP is and why it is vital for developers and organizations. Dive deeper with Sonatype.

CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

By Jeff Wayman on December 14, 2023 | vulnerabilities

6 minute read time

The recent identification of CVE-2023-50164 in Apache Struts is quite similar to other vulnerabilities Sonatype has seen and covered in the past.

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

By Ilkka Turunen on December 14, 2023 | vulnerabilities

3 minute read time

Sonatype covers how Ledger, a maker of hardware wallets for storing crypto, identified malicious software embedded in one of their open source packages.

Dependency mapping: A beginner's guide

By Aaron Linskens on October 20, 2023 | vulnerabilities

8 minute read time

Explore dependency mapping, what it is, the benefits of mapping dependencies, and some tools that make the process easier.