How stolen information stealers are fueling an underground market

By Hernán Ortiz on February 27, 2023 Known Vulnerabilities

9 minute read time

A look at the tactics, techniques, and procedures used to deploy a series of information stealers being uploaded to the PyPI registry.

Malicious ‘aptX’ Python package drops Meterpreter shell, deletes ‘netstat’

By Ax Sharma on February 08, 2023 Known Vulnerabilities

4 minute read time

Sonatype identified malicious Python packages on the PyPI software registry that carried out multiple nefarious activities.

Caroling through the season: The sounds of the 4shells

8 minute read time

As 2022 wraps up, we wanted to take a moment not only to reflect on Log4j but also on the other two “4shell” vulnerabilities that were disclosed.

Malware Monthly - November 2022

12 minute read time

Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.

What the OpenSSL vulnerabilities are… and aren't (CVE-2022-3786 and CVE-2022-3602)

By Eddie Knight on November 01, 2022 Known Vulnerabilities

4 minute read time

It’s been a week since we were warned about the OpenSSL vulnerability. We're here to help you understand what this vulnerability is and what it is not.

Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

By Mark Miller on September 14, 2017 Known Vulnerabilities

1 minute read time

With the acknowledgement by Equifax this morning, we talk about who is responsible for this, the creators of the open source solutions or people who use them.

The Nexus Firewall – Perimeter Defense for Software Development

By Mike Hansen on January 25, 2017 Known Vulnerabilities

4 minute read time

We now have a revolutionary way to improve speed and reduce risk through the quarantine of components with known vulnerabilities using Nexus Firewall.

An Insider's View: Analyzing Software Supply Chains

5 minute read time

The 2016 State of the Software Supply Chain report reveals the volume of open source component usage and quantifies the presence of known vulnerabilities.

Automated Nexus Reports on Licenses, Security, and More

By Derek Weeks on August 05, 2015 nexus pro

4 minute read time
