Skip Navigation
Book a Demo
Book a Demo

Ax Sharma

Ax is a Security Researcher at Sonatype and Engineer who holds a passion for perpetual learning. His works and expert analyses have frequently been featured by leading media outlets. Ax's expertise lies in security vulnerability research, reverse engineering, and software development. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences.

Follow me on:
READ MORE

npm packages caught exfiltrating Kubernetes config, SSH keys

By Ax Sharma on September 19, 2023 npm

4 minute read time

Sonatype tracks an ongoing campaign that uses npm packages to retrieve and exfiltrate Kubernetes configuration and SSH keys to an external server
Read More...
READ MORE

New npm PoC packages target PayPal Zettle, Airbnb developers

By Ax Sharma on September 12, 2023 npm

4 minute read time

Sonatype identified npm packages that exploit dependency confusion, named after internal dependencies purportedly used by PayPal Zettle and Airbnb
Read More...
READ MORE

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

By Ax Sharma on August 03, 2023 Open Source

3 minute read time

A malicious PyPI package ‘VMConnect’ designed to resemble VMware vSphere Connector Module was caught by Sonatype’s automated malware detection systems
Read More...
READ MORE

“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

By Ax Sharma on July 17, 2023 PyPI

3 minute read time

A malicious PyPI package called ‘feur’ was caught by Sonatype’s automated malware detection systems
Read More...
READ MORE

npm manifest confusion – What is it and do you really need to worry about it?

By Ax Sharma on June 28, 2023 npm

4 minute read time

npm manifest confusion – what is it and do you really need to worry about it?
Read More...
READ MORE

PyPI attackers still at it: Malicious packages drop trojans and info-stealers

By Ax Sharma on June 22, 2023 vulnerability

3 minute read time

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.
Read More...
Computer screen with code that looks like a human skull
READ MORE

ChatGPT data leak and Redis race condition vulnerability that remains unfixed

By Ax Sharma on March 27, 2023 vulnerability

4 minute read time

Last week's OpenAI payment data and chat history leak involved a Race Condition vulnerability in an open source component, Redis.
Read More...
Man with a computer as a head with a skull and crossbones image on it
READ MORE

Attacker floods PyPI with 1000s of malicious packages that drop Windows trojan via Dropbox

By Ax Sharma on February 26, 2023 vulnerabilities

3 minute read time

A threat actor has infiltrated the PyPI software registry with 1,000s of malicious packages at one time.
Read More...
READ MORE

Malicious ‘aptX’ Python package drops Meterpreter shell, deletes ‘netstat’

By Ax Sharma on February 08, 2023 Known Vulnerabilities

4 minute read time

Sonatype identified malicious Python packages on the PyPI software registry that carried out multiple nefarious activities.
Read More...