This Week in Malware—Malicious 'Distutil' and Spring4Shell active exploitation

By Ax Sharma on April 22, 2022 github

7 minute read time

A malicious 'Distutil' PyPI package, active Spring4Shell exploitation by attackers deploying cryptominers, an open source tool that enabled users to add Google Play to PCs, but secretly installed

This Week in Malware - Special Edition on Protestware and a Struts RCE Deja Vu

By Ax Sharma on April 15, 2022 vulnerabilities

4 minute read time

In a special edition of This Week in Malware, we change focus and look at protestware and the tale of a two-year-old Struts bug that's returned.

This week in malware—VMware, secrets, and security by obscurity

By Ax Sharma on April 08, 2022 vulnerabilities

2 minute read time

This week in malware digest for 8th April 2022: VMware dependency confusion attempt and the importance of secrets management.

VMware vSphere dependency confusion attempt caught by Sonatype

By Ax Sharma on April 07, 2022 vulnerabilities

6 minute read time

Sonatype's automated malware detection bots flagged a suspicious dependency that has the same name as a real package used by VMware vSphere SDK developers.

What is Code Quality? 5 Software Development Checks You Should be Automating

By Stephen Magill on April 05, 2022 How-To

4 minute read time

One of the most tangible ways to improve software is writing and maintaining good source code, but how do you make that part of your process?

Wicked Good Development: What is Spring4Shell? And Why You Should Care

By Kadi Grigg on April 04, 2022 vulnerabilities

11 minute read time

In a special episode of Wicked Good Development we dissect the zero-day RCE vulnerability in the Spring Framework dubbed Spring4Shell or Springshell.

Spring4Shell – by the numbers

By Ilkka Turunen on April 04, 2022 component vulnerability

6 minute read time

Spring4Shell, a new 0-day RCE, is not quite as bad as Log4shell but has a wide blast radius. We dive into the numbers on how the world is fixing the issue.

Fixing a vulnerability? Make sure your GitHub isn't showing too much

By Ax Sharma on April 04, 2022 github

5 minute read time

February's $326 million crypto hack at Wormhole and this month's findings by Sonatype shed light on the importance of secrets management for open source developers.

This week in malware—a 'fix-crash' info-stealer and 500+ malicious npm packages

By Ax Sharma on April 01, 2022 vulnerabilities

7 minute read time

This week in malware—dive deep into this week's findings from Sonatype's automated malware detection system.