News and Notes from the Makers of Nexus | Sonatype Blog

Sonatype Security Research Team

Sonatype's Security Research Team is comprised 65 world class professionals with 500+ years of experience. The Team is focused on bringing real-time, in-depth intelligence and actionable information about open source and third party vulnerabilities to Sonatype customers.

CursedGrabber strikes again: Sonatype spots new malware campaign against software supply chains

By Sonatype Security Research Team on January 20, 2021 vulnerabilities

3 minute read time

Sonatype has determined those behind the CursedGrabber Discord malware family, have published a new malware campaign against software supply chains

Read More...

software supply chain attack on Java developer community thwarted

Sonatype stops software supply chain attack aimed at the Java developer community

By Sonatype Security Research Team on January 13, 2021 vulnerabilities

9 minute read time

Sonatype removed 3 malicious open-source Java components from Maven Central targeting popular software releases, stopping a software supply chain attack.

Read More...

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

By Sonatype Security Research Team on August 11, 2020 Nexus Lifecycle

3 minute read time

While updating our data for CVE-2020-17479 in JPV, an open-source JSON schema validator, we discovered that the vulnerability could still be exploited with the.

Read More...

Sonatype Security Research Team

CursedGrabber strikes again: Sonatype spots new malware campaign against software supply chains

Sonatype stops software supply chain attack aimed at the Java developer community

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

Secure your software supply chain

Subscribe for all the latest software security news and events