How stolen information stealers are fueling an underground market
9 minute read time
A look at the tactics, techniques, and procedures used to deploy a series of information stealers being uploaded to the PyPI registry.
Read More...
Malicious ‘aptX’ Python package drops Meterpreter shell, deletes ‘netstat’
4 minute read time
Sonatype identified malicious Python packages on the PyPI software registry that carried out multiple nefarious activities.
Read More...
Caroling Through the Season: The Sounds of the 4shells
8 minute read time
As 2022 wraps up, we wanted to take a moment not only to reflect on Log4j but also on the other two “4shell” vulnerabilities that were disclosed.
Read More...
Malware Monthly - November 2022
12 minute read time
Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.
Read More...
It’s been a week since we were warned about the OpenSSL vulnerability. We're here to help you understand what this vulnerability is and what it is not.
Read More...
![08298b6[1].jpg](https://blog.sonatype.com/hubfs/blog-image-uploads/08298b6%5B1%5D.jpg)
Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)
1 minute read time
With the acknowledgement by Equifax this morning, we talk about who is responsible for this, the creators of the open source solutions or people who use them.
Read More...
The Nexus Firewall – Perimeter Defense for Software Development
4 minute read time
We now have a revolutionary way to improve speed and reduce risk through the quarantine of components with known vulnerabilities using Nexus Firewall.
Read More...
An Insider's View: Analyzing Software Supply Chains
5 minute read time
2016 state of the software supply chain report reveals the volume of open source component usage and quantifies the presence of known vulnerabilities.
Read More...
Automated Nexus Reports on Licenses, Security, and More
4 minute read time
Automated Nexus Reports on Licenses, Security, and More
Read More...