Hernán Ortiz

A technical writer for the DevRel team at Sonatype. Hernán has published experimental science fiction books and his work has appeared in international literary journals. You can usually find him holding a cup of Colombian coffee, listening to the latest post-punk/noise rock bands, and reading sentences aloud.

Why Developers are Becoming the Weakest Link in Supply Chain Attacks

5 minute read time

As cyber-attacks continue to grow, threat actors have shifted their focus from endpoints and end users to the software supply chain.

This Week in Malware—Cryptominers Flood npm, PyPI, and More Dependency Confusion

By Hernán Ortiz on August 19, 2022 (vulnerabilities)

2 minute read time

This week Sonatype discovered 200+ npm and PyPI packages that are cryptominers, with additional packages comprising dependency confusion PoCs.

This Week in Malware—Typosquats in PyPI, Dependency Confusion Packages

By Hernán Ortiz on August 04, 2022 (vulnerabilities)

2 minute read time

This Week in Malware, we discovered 50 packages that are either malicious or dependency confusion attacks.