Hernán Ortiz

A technical writer for the DevRel team at Sonatype. Hernán has published experimental science fiction books and his work has appeared in international literary journals. You can usually find him holding a cup of Colombian coffee, listening to the latest post-punk/noise rock bands, and reading sentences aloud.

How stolen information stealers are fueling an underground market

By Hernán Ortiz on February 27, 2023 | Known Vulnerabilities

9 minute read time

A look at the tactics, techniques, and procedures used to deploy a series of information stealers being uploaded to the PyPI registry.

Why developers are becoming the weakest link in supply chain attacks

5 minute read time

As cyber-attacks continue to grow, threat actors have shifted their focus from endpoints and end users to the software supply chain.

This Week in Malware — Cryptominers flood npm, PyPI, and more dependency confusion

By Hernán Ortiz on August 19, 2022 | vulnerabilities

2 minute read time

This week Sonatype discovered 200+ npm and PyPI packages that are cryptominers, with additional packages comprising dependency confusion PoCs.

This Week in Malware — Typosquats in PyPI, dependency confusion packages

By Hernán Ortiz on August 04, 2022 | vulnerabilities

2 minute read time

This Week in Malware, we discovered 50 packages that are either malicious or dependency confusion attacks.