Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
Image of a man holding a chainsaw with smoke around him
READ MORE

New Log4j 1.x CVEs, and critical Chainsaw vulnerability — What to do?

By Ax Sharma on January 21, 2022 vulnerabilities

5 minute read time

Apache disclosed 3 vulns impacting Log4j 1.x versions, which included info on a critical Apache Chainsaw vulnerability buried within.
Read More...
Image of man at podium with american flag in background
READ MORE

FTC warning in wake of Log4j: Secure your software supply chain

By Andrew Yorra on January 06, 2022 legal

3 minute read time

Not addressing Log4shell issues are looking at more than downtime or reputation damage. U.S. regulators are considering lawsuits to enforce security.
Read More...
READ MORE

How large organizations can easily scan for Log4j vulnerabilities

By Rishav Mishra on December 31, 2021 Product

7 minute read time

Large orgs looking for the Log4j vulnerability in 1000s of apps, can be more effective and efficient with Nexus Lifecycle and Easy SCM Onboarding.
Read More...
Red markers among the building blocks of open source
READ MORE

New Sonatype Nexus Repository Visualizer provides insights into Log4j usage

By Chris Good on December 30, 2021 featured

4 minute read time

Vulnerable Log4j components are still in active use. New functionality available for Sonatype's Nexus Repository monitors and helps address these issues.
Read More...
Stylized drawing of a large reptile
READ MORE

Log4j 2.17.1 fixes another code execution bug, but should you worry?

By Ax Sharma on December 29, 2021 vulnerabilities

7 minute read time

News of another possible open source vulnerability connected to Log4j raised eyebrows. A look at the issue, it's disclosure, and our response.
Read More...
READ MORE

How much should the federal government worry about Log4j?

By Sonatype on December 21, 2021 vulnerabilities

7 minute read time

As the world worries about Log4j exploit, we look at how the US Federal Government is responding - and how worried it should be about this vulnerability.
Read More...
Image of a column building with the word bank on it
READ MORE

Log4j exploits are now being used to spread Dridex banking Trojan

By Ax Sharma on December 21, 2021 vulnerabilities

5 minute read time

Log4shell exploits are now being leveraged by threat actors to infect Windows machines with the Dridex Trojan and Linux devices with Meterpreter
Read More...
READ MORE

Log4shell by the numbers- Why did CVE-2021-44228 set the internet on fire?

By Ilkka Turunen on December 14, 2021 vulnerabilities

6 minute read time

What the download numbers tell us about the impact of the critical vulnerability CVE-2021-44228
Read More...
Laptop with code showing open source vulnerability exploit
READ MORE

What is the Log4j exploit?

By Ilkka Turunen on December 10, 2021 vulnerabilities

7 minute read time

A serious 0-day Remote Code Execution exploit in log4j, the most popular java logging framework, was discovered today.
Read More...