Critical New 0-day Vulnerability in Popular Log4j Library Discovered | Read Blog

Ax Sharma

Ax is a Security Researcher at Sonatype and Engineer who holds a passion for perpetual learning. His works and expert analyses have frequently been featured by leading media outlets. Ax's expertise lies in security vulnerability research, reverse engineering, and software development. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences.

PyPI Flooded with 1,275 Dependency Confusion Packages

By Ax Sharma on January 24, 2022 vulnerabilities
Popular Python open source software repository, PyPI has been flooded with over 1,200 dependency confusion packages by the same actor.
Read More...

New Log4j 1.x CVEs, and critical Chainsaw Vulnerability — What to Do?

By Ax Sharma on January 21, 2022 vulnerabilities
Apache disclosed 3 vulns impacting Log4j 1.x versions, which included info on a critical Apache Chainsaw vulnerability buried within.
Read More...

'Faker' npm Library Gets New Home After Dev Throws in the Towel

By Ax Sharma on January 18, 2022 npm
Reputable maintainers have taken over the popular (and crucial) open source component "Faker", and it's already seeing traction.
Read More...

npm Libraries ‘colors’ and ‘faker’ Sabotaged in Protest by their Maintainer—What to do Now?

By Ax Sharma on January 10, 2022 vulnerabilities
Popular npm open source libraries, colors.js, and faker.js were sabotaged by their own maintainer. What does that mean for open source sustainability?
Read More...

Researcher Takes Over qr.js via Repo Hijacking. Is the npm Package Safe?

By Ax Sharma on December 31, 2021 vulnerabilities
Analyzing a live incident of repo jacking that affects the GitHub repository of the popular ‘qr.js’ library.
Read More...

Log4j 2.17.1 fixes another code execution bug, but should you worry?

By Ax Sharma on December 29, 2021 vulnerabilities
News of another possible open source vulnerability connected to Log4j raised eyebrows. A look at the issue, it's disclosure, and our response.
Read More...

Log4j Exploits Are Now Being Used to Spread Dridex Banking Trojan

By Ax Sharma on December 21, 2021 vulnerabilities
Log4shell exploits are now being leveraged by threat actors to infect Windows machines with the Dridex Trojan and Linux devices with Meterpreter
Read More...

Another Day of Malware: Malicious ‘botaa3’ PyPI Package Taken Down

By Ax Sharma on November 29, 2021 vulnerabilities
A typosquatting attack aimed at the boto3 AWS project, handing system controls to the attacker.
Read More...

Popular npm Project Used by Millions Hijacked in Supply-Chain Attack

By Ax Sharma on October 25, 2021 vulnerabilities
Companies are assessing impact from compromise of a popular npm project that may have introduced cryptominers and password stealers into their systems.
Read More...