Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Another Day of Malware: Malicious ‘botaa3’ PyPI Package Taken Down

By Ax Sharma on November 29, 2021 vulnerabilities
A typosquatting attack aimed at the boto3 AWS project, handing system controls to the attacker.

Tracking the ‘Noblox.js’ npm Malware Campaign

By Juan Aguirre on November 23, 2021 vulnerabilities
Another malicious npm package, noblox.js-rpc, was spotted on the registry; it leverages familiar techniques to steal all sorts of sensitive data.

New Nexus Firewall Release with Developer-First Enhancements

By Chris Good on November 16, 2021 Nexus Firewall
With increasing attacks targeting developers, Sonatype’s new Nexus Firewall features improve application security and developer productivity.

NPM Hijackers at it Again: Popular ‘coa’ and ‘rc’ Open Source Libraries Taken Over to Spread Malware

By Juan Aguirre on November 05, 2021 vulnerabilities
The npm coa and rc packages were hijacked via an account takeover, again highlighting the need to protect your open source software supply chains.

Fake npm Roblox API Package Installs Ransomware and has a Spooky Surprise

By Juan Aguirre on October 27, 2021 vulnerabilities
A fake npm Roblox API package discovered by Sonatype is the first known case of ransomware maliciously placed in a typosquatted open source package.

Popular npm Project Used by Millions Hijacked in Supply-Chain Attack

By Ax Sharma on October 25, 2021 vulnerabilities
Companies are assessing impact from compromise of a popular npm project that may have introduced cryptominers and password stealers into their systems.

Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices

Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month.

A Non-Programmer Introduction to the Software Supply Chain (Electron)

By Luke Mcbride on October 14, 2021 Software Supply Chain
Connecting the software industry's widespread use of component programs to something most people have on their machine right now: the Electron framework.

Software Supply Chains: an Introductory Guide

By Luke Mcbride on October 08, 2021 Open Source
Take a closer look at the software supply chain, including what it contains, why it’s important, and how to protect it from vulnerabilities.