Sonatype Introduces Next Generation Dependency Management | Press Release

Sonatype Blog

CursedGrabber strikes again: Sonatype spots new malware campaign against Software Supply Chains

Sonatype has determined that those behind the CursedGrabber Discord malware family have published a new malware campaign against software supply chains.

Sonatype and SVA join forces to help companies develop better, more secure software

By Stephen Bryans on January 19, 2021 News and Views
Sonatype and SVA, one of Germany’s leading system integrators, partner to help enterprise customers create vital open source security and SCA programs and protect their applications.

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

Sonatype removed 3 malicious open-source Java components from Maven Central targeting popular software releases, stopping a software supply chain attack.

Does the SolarWinds’ Orion Security Advisory Impact Sonatype’s Product?

By Michael Griffin on December 23, 2020 News and Views
Sonatype is continuing to monitor the SolarWinds situation and our investigation is ongoing, but we can confirm that we do not use the SolarWinds Orion platform nor have we found any evidence of the

The SolarWinds Software Supply Chain Attack: How Developers Can Protect Applications

By Derek Weeks on December 22, 2020 vulnerabilities
The SolarWinds software supply chain attack has made it clear that open source developers need to act now and intelligently manage third party dependencies to protect their apps.

2 New RubyGems laced with cryptocurrency stealing malware taken down

By Ax Sharma on December 16, 2020 vulnerabilities
RubyGems removed 2 gems from its repo that contained malicious code. When run, it infected Windows machines and replaced any cryptocurrency wallet address it found on the user’s clipboard with the

Breaching the U.S. Government through software supply chains: tracing the SolarWinds exploit upstream

By Ax Sharma on December 14, 2020 features
The U.S. Government and FireEye experienced breaches due to malicious software code injected upstream in the software supply chain of their vendor, SolarWinds, where it would then flow downstream

Nexus Repository & Microsoft NuGet Gallery: OData Changes for NuGet V2

By Brent Kostak on December 10, 2020 Nuget
Following Microsoft's announced changes to the NuGet Gallery and the deprecation of OData, see details on how Nexus Repository users can avoid V2 protocol errors by upgrading to NuGet V3.

There’s a RAT in my code: new npm malware with Bladabindi trojan spotted

By Ax Sharma on December 01, 2020 vulnerabilities
Sonatype discovered new malware within the npm registry, jdb.js and db-json.js. This time, the typosquatting packages are laced with a popular Remote Access Trojan (RAT).