Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

Nexus Intelligence Insights: What's in a Ghostcat? CVE-2020-1938 Apache Tomcat - Local File Inclusion Potentially Leads to RCE

By Ax Sharma on March 09, 2020 vulnerabilities

6 minute read time

Ghostcat manipulates the widely used Apache Tomcat web server. No version of Tomcat released in the last 13 years is immune, unless properly patched.

Read More...

Nexus Intelligence Insights: CVE-2018-5382 Bouncycastle Information Exposure

By Elisa Velarde on December 26, 2019 vulnerabilities

4 minute read time

In this month's Nexus Intelligence Insights, we're covering CVE-2018-5382: Information exposure in the bouncycastle component

Read More...

Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

By Elisa Velarde on September 27, 2019 vulnerabilities

4 minute read time

In this month's Nexus Intelligence Insights, we're covering CVE-2019-15753: a MAC address aging vulnerability that opens up the potential for a DoS and.

Read More...

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

Nexus Intelligence Insights: What's in a Ghostcat? CVE-2020-1938 Apache Tomcat - Local File Inclusion Potentially Leads to RCE

Nexus Intelligence Insights: CVE-2018-5382 Bouncycastle Information Exposure

Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

Secure your software supply chain

Subscribe for all the latest software security news and events