Hernán Ortiz

A technical writer for the DevRel team at Sonatype. Hernán has published experimental science fiction books and his work has appeared in international literary journals. You can usually find him holding a cup of Colombian coffee, listening to the latest post-punk/noise rock bands, and reading sentences aloud.

How Stolen Information Stealers are Fueling an Underground Market

By Hernán Ortiz on February 27, 2023 Known Vulnerabilities

9 minute read time

A look at the tactics, techniques, and procedures used to deploy a series of information stealers being uploaded to the PyPI registry.

Why Developers are Becoming the Weakest Link in Supply Chain Attacks

5 minute read time

As cyber-attacks continue to grow, threat actors have shifted their focus from endpoints and end users to the software supply chain.

This Week in Malware—Cryptominers Flood npm, PyPI, and More Dependency Confusion

By Hernán Ortiz on August 19, 2022 vulnerabilities

2 minute read time

This week Sonatype discovered 200+ npm and PyPI packages that are cryptominers, with additional packages comprising dependency confusion PoCs.

This Week in Malware—Typosquats in PyPI, Dependency Confusion Packages

By Hernán Ortiz on August 04, 2022 vulnerabilities

2 minute read time

This Week in Malware we discovered 50 packages that are either malicious or dependency confusion attacks.