Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

Malware Monthly - January 2023

By Sonatype Developer Relations on February 10, 2023 vulnerabilities

11 minute read time

January 2023's Malware Monthly covers malware that rejects virtual machines, Linux crypto miners, evasive variants of RAT mutants, and more.

Read More...

Make sure your company is prepared for evolving software liability regulations

By Brian Fox on February 09, 2023 thought leaders

13 minute read time

Organizations should understand changes to liability and government regulation, and have the proper tools in place to protect their software supply chains.

Read More...

Malicious ‘aptX’ Python package drops Meterpreter shell, deletes ‘netstat’

By Ax Sharma on February 08, 2023 Known Vulnerabilities

4 minute read time

Sonatype identified malicious Python packages on the PyPI software registry that carried out multiple nefarious activities.

Read More...

Are unnecessary vulnerabilities polluting your software supply chain?

By Stephen Magill on February 06, 2023 secure software supply chain

7 minute read time

As malicious software supply chain attacks continue to evolve, so do the ways that bad actors exploit vulnerable libraries.

Read More...

Sonatype's 2022: A year-end recap

By Nicole Lavella on February 02, 2023 awards

9 minute read time

2022 was quite the year. Sonatype continued to push the boundaries of open source, gave back to our communities, expanded our team, and so much more.

Read More...

Sonatype Lifecycle and Firewall now available in the cloud

By Crystal Derakhshan on February 01, 2023 Product Release

4 minute read time

Sonatype’s new cloud offer means customers looking to scale and secure their software development lifecycle can do so with less maintenance and infrastructure.

Read More...

The shifting landscape of open source supply chain attacks - Part 3

By Brian Fox on January 26, 2023 thought leaders

12 minute read time

Brian Fox shares insights on who’s responsible for the security of software supply chains, and how orgs can minimize impact on efficiency and speed.

Read More...

The shifting landscape of open source supply chain attacks - Part 2

By Brian Fox on January 25, 2023 thought leaders

11 minute read time

Sonatype's Brian Fox delves into how bad actors and cybercriminals are attacking the software supply chain, and how cyberattacks continue to evolve.

Read More...

The shifting landscape of open source supply chain attacks - Part 1

By Brian Fox on January 24, 2023 thought leaders

8 minute read time

A deep dive into how modern supply chains manage problems, and how companies looking to secure their software supply chains can learn from their mistakes.

Read More...

Previous Next

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

Malware Monthly - January 2023

Make sure your company is prepared for evolving software liability regulations

Malicious ‘aptX’ Python package drops Meterpreter shell, deletes ‘netstat’

Are unnecessary vulnerabilities polluting your software supply chain?

Sonatype's 2022: A year-end recap

Sonatype Lifecycle and Firewall now available in the cloud

The shifting landscape of open source supply chain attacks - Part 3

The shifting landscape of open source supply chain attacks - Part 2

The shifting landscape of open source supply chain attacks - Part 1

Secure your software supply chain

Subscribe for all the latest software security news and events