Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

Sonatype Repository Firewall is an easy solution for a big problem

By Audra Davis-Hurst on April 03, 2023 secure software supply chain

6 minute read time

Discover Sonatype Repository Firewall's AI-driven protection for SDLCs, blocking malicious components and ensuring a more secure software supply chain.

Read More...

Manage open source risk with improved malware detection

By Mandeep Singh on March 27, 2023 secure software supply chain

5 minute read time

Malware targeting developers remains a major concern. Learn what your organization can do to keep cybersecurity risks out of your development pipeline.

Read More...

Top 8 malicious attacks recently found on PyPI

By Sonatype Developer Relations on March 16, 2023 vulnerabilities

13 minute read time

Eight malicious attacks on PyPI recently caught our Security Research Team's eye. Get the details about the actions and motivations of the attackers.

Read More...

Malware Monthly - February 2023

By Sonatype Developer Relations on March 09, 2023 vulnerabilities

8 minute read time

The February 2023 edition of Malware Monthly shares insights into copycat information stealers, malware linked to video game mods, and more.

Read More...

White House National Cybersecurity Strategy: Landmark action for a critical threat

By Brian Fox on March 02, 2023 Cybersecurity

5 minute read time

The Biden administration announced a new, historic National Cybersecurity Strategy calling for cybersecurity liability and increased investment.

Read More...

Man with a computer as a head with a skull and crossbones image on it

Attacker floods PyPI with 1000s of malicious packages that drop Windows trojan via Dropbox

By Ax Sharma on February 26, 2023 vulnerabilities

3 minute read time

A threat actor has infiltrated the PyPI software registry with 1,000s of malicious packages at one time.

Read More...

Is cyber liability insurance a moral hazard in the US?

By Brian Fox on February 22, 2023 secure software supply chain

8 minute read time

Sonatype CTO and co-founder, Brian Fox, shares his thoughts on the developing role of cyber liability insurance in software supply chain management.

Read More...

Comparing SBOM standards: SPDX vs. CycloneDX

By Luke Mcbride on February 17, 2023 software bill of materials

7 minute read time

Do you know which format for generating a software bill of materials (SBOM) is the best option for your organization? A look at the two leading standards.

Read More...

5 tools to automate SBOM creation

By Eddie Knight on February 13, 2023 agile development

6 minute read time

A look at five different tools that can be integrated into your development workflow to automatically generate a software bill of materials (SBOM).

Read More...

Previous Next

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

Sonatype Repository Firewall is an easy solution for a big problem

Manage open source risk with improved malware detection

Top 8 malicious attacks recently found on PyPI

Malware Monthly - February 2023

White House National Cybersecurity Strategy: Landmark action for a critical threat

Attacker floods PyPI with 1000s of malicious packages that drop Windows trojan via Dropbox

Is cyber liability insurance a moral hazard in the US?

Comparing SBOM standards: SPDX vs. CycloneDX

5 tools to automate SBOM creation

Secure your software supply chain

Subscribe for all the latest software security news and events