Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Octopus Scanner compromises 26 OSS projects on GitHub

By Brian Fox on May 31, 2020 #OSSsecurity

4 minute read time

The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new form of software supply chain attack targeting NetBeans projects.
Read More...
vanveenjf-Vqa8Ms7DPG4-unsplash (1)
READ MORE

What Developers Need to Know About WhatsApp's Recent Security Dilemma

By Katie McCaskey on October 08, 2019 AppSec

3 minute read time

Sonatype issues an Advisory Deviation Notice for CVE-2019-11932, a vulnerability that exploits processor memory and recently affected WhatsApp.
Read More...
GettyImages-1038383026
READ MORE

The Dot Zero Conundrum and the New Frontier of Securing Open Source

By Brian Fox on September 24, 2019 code quality

3 minute read time

Sonatype is combining a new type of behavioral analysis with machine learning and proprietary data, creating early warning capabilities to detect malicious.
Read More...
GettyImages-626241886
READ MORE

Anatomy of the RubyGems ‘rest-client’ Hack, and Getting Creative About Open Source Security

By Brian Fox on August 23, 2019 open source security

3 minute read time

Last month, the RubyGems strong_password component was breached and injected with malicious code.
Read More...
GettyImages-926750708
READ MORE

Nexus Intelligence Insights: CVE-2019-13354: 'strong_password' embedded malicious code, RubyGems

By Elisa Velarde on July 10, 2019 vulnerabilities

4 minute read time

In this month's Nexus Intelligence Insights, we're covering CVE-2019-13354: strong_password, an embedded malicious code vulnerability in RubyGems.
Read More...