Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Tracking the ‘Noblox.js’ npm Malware Campaign

By Juan Aguirre on November 23, 2021 vulnerabilities
Another malicious npm package, noblox.js-rpc, was spotted on the registry; it leverages familiar techniques to steal all sorts of sensitive data.

New Nexus Firewall Release with Developer-First Enhancements

By Chris Good on November 16, 2021 Nexus Firewall
With increasing attacks targeting developers, Sonatype’s new Nexus Firewall features improve application security and developer productivity.

NPM Hijackers at it Again: Popular ‘coa’ and ‘rc’ Open Source Libraries Taken Over to Spread Malware

By Juan Aguirre on November 05, 2021 vulnerabilities
The npm coa and rc packages were hijacked via an account takeover, again highlighting the need to protect your open source software supply chains.

Fake npm Roblox API Package Installs Ransomware and has a Spooky Surprise

By Juan Aguirre on October 27, 2021 vulnerabilities
Fake npm Roblox API package discovered by Sonatype uncovers first known ransomware maliciously placed in typosquatted open source package.

Popular npm Project Used by Millions Hijacked in Supply-Chain Attack

By Ax Sharma on October 25, 2021 vulnerabilities
Companies are assessing impact from compromise of a popular npm project that may have introduced cryptominers and password stealers into their systems.

Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices

Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month.

A Non-Programmer Introduction to the Software Supply Chain (Electron)

By Luke Mcbride on October 14, 2021 Software Supply Chain
Connecting the larger use by the software industry of component programs to something most people have on their machine right now: The Electron Framework.

Software Supply Chains: an Introductory Guide

By Luke Mcbride on October 08, 2021 Open Source
Take a closer look at the software supply chain, including what it contains, why it’s important, and how to protect it from vulnerabilities.

Apache Servers Actively Exploited in the Wild, and the Importance of Prompt Patching

By Ax Sharma on October 05, 2021 vulnerabilities
A new Apache vulnerability exploited in the wild is the result of incomplete path normalization logic.