
Ax Sharma

Ax is a Security Researcher and Engineer at Sonatype with a passion for perpetual learning. His work and expert analyses have frequently been featured by leading media outlets. Ax's expertise lies in security vulnerability research, reverse engineering, and software development. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences.

Popular npm Project Used by Millions Hijacked in Supply-Chain Attack

By Ax Sharma on October 25, 2021 vulnerability
Companies are assessing impact from compromise of a popular npm project that may have introduced cryptominers and password stealers into their systems.

Apache Servers Actively Exploited in the Wild, and the Importance of Prompt Patching

By Ax Sharma on October 05, 2021 vulnerabilities
A new Apache vulnerability being exploited in the wild stems from incomplete path-normalization logic.

$3 Million Cryptocurrency Heist Stemmed from a Malicious GitHub Commit

By Ax Sharma on September 20, 2021 vulnerabilities
A cryptocurrency site lost funds after a supply chain attack. A look at what happened, this time caused by a weak Git security policy.

OMIGOD! Microsoft Secretly Installed an Open Source Agent with Critical Vulnerabilities on Thousands of Linux VMs

By Ax Sharma on September 17, 2021 vulnerabilities
Microsoft released patches for critical vulnerabilities in its Open Management Infrastructure (OMI) software agent which had been silently installed on Azure Linux VMs.

Cyber Mayhem - Attackers Actively Exploit Vulnerable Confluence Servers, while 500,000 Fortinet VPNs See Passwords Leaked

By Ax Sharma on September 13, 2021 vulnerabilities
Last week, severe zero-days in Atlassian Confluence, Fortinet devices, and Microsoft Office all needed patching following active exploitation.

What Constitutes a Software Supply Chain Attack?

By Ax Sharma on August 03, 2021 vulnerabilities
ENISA feels the term "software supply chain attack" is overused, so what does constitute a supply chain attack?

This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites

By Ax Sharma on July 16, 2021 vulnerabilities
Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS, that threatened the security, integrity, and availability of the wider supply chain.

Sonatype Catches New PyPI Cryptomining Malware

By Ax Sharma on June 21, 2021 vulnerabilities
Newly identified malicious typosquatting packages that infiltrated the PyPI repository secretly pull in cryptominers.

Open Source Attacks on the Rise: Top 8 Malicious Packages Found in npm

By Ax Sharma on June 08, 2021 featured
We're rounding up the top 8 malicious packages on npm that Sonatype has discovered with its next-generation open source security and malware detection tooling.