Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Ax Sharma

Endorsed an Exceptional Talent (‘a recognized leader’) in technology by the British Government, Ax is a Security Researcher at Sonatype and Engineer who holds a passion for perpetual learning. His works and expert analyses have frequently been featured by leading media outlets like Fortune, The Register, TechRepublic, CSO Online, BleepingComputer, etc. Ax's expertise lies in security vulnerability research, reverse engineering, and software development. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences.

Follow me on:
Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt
READ MORE

Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt

By Ax Sharma on April 13, 2021 vulnerabilities
New malware exists in a brandjacking npm package called web-browserify that imitates the legitimate browserify component
Read More...
Sonatype Securing Open Source Supply Chains
READ MORE

Meet the Developers Behind Sonatype’s Automated Malware Detection System Securing Open Source Supply Chains

By Ax Sharma on April 08, 2021 vulnerabilities
Meet the principal software engineers behind Sonatype's automated malware detection system, Release Integrity.
Read More...
PHP and netmask software supply chain attacks
READ MORE

Netmask Flaw Leaves Millions Vulnerable While a PHP Git Server is Hacked in Software Supply Chain Attack

By Ax Sharma on March 29, 2021 vulnerabilities
2 critical software supply chain attacks were uncovered today. An improper input validation vulnerability in the npm component netmask and an attack on PHP’s Git server.
Read More...
PyPI and npm see flood of dependency Confusion Copycats
READ MORE

PyPI and npm Flooded with over 5,000 Dependency Confusion Copycats

By Ax Sharma on March 03, 2021 vulnerabilities
Both PyPi and npm are being inundated with malicious dependency confusion packages.
Read More...
new dependency confusion packages published to the npm ecosystem are malicious in nature.
READ MORE

Newly Identified Dependency Confusion Packages Target Amazon, Zillow, and Slack; Go Beyond Just Bug Bounties

By Ax Sharma on March 01, 2021 vulnerabilities
Malicious npm dependency confusion packages exfiltrate your bash_history and /etc/shadow files
Read More...
Sonatype Spots Malicious npm Packages Copying Novel Software Supply Chain Attack
READ MORE

Sonatype Spots 275+ Malicious npm Packages Copying Recent Software Supply Chain Attacks that Hit 35 Organizations

By Ax Sharma on February 12, 2021 vulnerabilities
48 hours after a security researcher breached 35+ tech companies in a novel software supply chain attack, Sonatype’s Nexus Intelligence flagged 150+ copycat npm packages published by different
Read More...
Dependency Hijacking Software Supply Chain Attack
READ MORE

Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Organizations

By Ax Sharma on February 09, 2021 vulnerabilities
A security researcher managed to breach systems of over 35 tech companies in what has been described as a novel software supply chain attack.
Read More...
READ MORE

2 New RubyGems laced with cryptocurrency stealing malware taken down

By Ax Sharma on December 16, 2020 vulnerabilities
RubyGems removed 2 gems from its repo that contained malicious code. When run, it infected Windows machines and replaced any cryptocurrency wallet address it found on the user’s clipboard with the
Read More...
READ MORE

Breaching the U.S. Government through software supply chains: tracing the SolarWinds exploit upstream

By Ax Sharma on December 14, 2020 features
The U.S. Government and FireEye experienced breaches due malicious software code injected upstream in the software supply chain of of their vendor, SolarWinds, where it would then flow downstream
Read More...
Twitter LinkedIn Facebook YouTube GitHub
Products
Free Tools
Solutions
Resources
Customer Portal
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy    Event Terms and Conditions