Ax Sharma

Ax is a Security Researcher at Sonatype and Engineer who holds a passion for perpetual learning. His works and expert analyses have frequently been featured by leading media outlets. Ax's expertise lies in security vulnerability research, reverse engineering, and software development. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences.

Follow me on:
READ MORE

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

7 minute read time

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging
Read More...
READ MORE

Open source ML/AI models: attackers' next target

By Ax Sharma on March 22, 2024

7 minute read time

Disclosing several open source ML/AI models that demonstrate some of the ways in which malware can creep onto AI platforms.
Read More...
READ MORE

npm packages spread 'Bladeroid' crypto-stealer, hijack your Instagram

By Ax Sharma on February 29, 2024 vulnerabilities

4 minute read time

Sonatype has identified multiple open source packages that infect npm developers with a Windows info-stealer and crypto-stealer called Bladeroid
Read More...
READ MORE

The curious case of 'csrf-magic': A case study in supply chain poisoning

By Ax Sharma on February 27, 2024 vulnerability

5 minute read time

Learn how a so-called code injection vulnerability was in fact a backdoor in an open source component, csrf-magic, to help secure your application against Cross-Site Request Forgery attacks.
Read More...
READ MORE

Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

By Ax Sharma on February 05, 2024 vulnerability

5 minute read time

It might be a little known fact that one of the high severity zero-days found in Ivanti devices is actually present in an open source component that the company has deployed in its products. Ivanti's
Read More...
READ MORE

npm flooded with 748 packages that store movies

By Ax Sharma on January 25, 2024 vulnerabilities

4 minute read time

The Sonatype Security Research team came across 748 packages flooding the npm software registry.
Read More...
READ MORE

Fake 'distube-config' npm package drops Windows info-stealing malware

By Ax Sharma on January 24, 2024 vulnerabilities

3 minute read time

Sonatype identified two npm packages that typosquat open source packages like Discord modules, in an attempt to infect Windows users with a Trojan
Read More...
READ MORE

'everything' matters — why the npm package sparked controversy

By Ax Sharma on January 04, 2024 npm

4 minute read time

An npm package sparked controversy after its publication. Understand what it does and how you can safeguard yourself against such packages.
Read More...
READ MORE

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

3 minute read time

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week
Read More...