npm packages caught exfiltrating Kubernetes config, SSH keys

By Ax Sharma on September 19, 2023 npm

4 minute read time

Sonatype tracks an ongoing campaign that uses npm packages to retrieve and exfiltrate Kubernetes configuration and SSH keys to an external server.

New npm PoC packages target PayPal Zettle, Airbnb developers

By Ax Sharma on September 12, 2023 npm

4 minute read time

Sonatype identified npm packages that exploit dependency confusion, named after internal dependencies purportedly used by PayPal Zettle and Airbnb.

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

By Ax Sharma on August 03, 2023 Open Source

3 minute read time

A malicious PyPI package, ‘VMConnect’, designed to resemble the VMware vSphere Connector Module, was caught by Sonatype’s automated malware detection systems.

“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

By Ax Sharma on July 17, 2023 PyPI

3 minute read time

A malicious PyPI package called ‘feur’ was caught by Sonatype’s automated malware detection systems.

Protecting software developers from malware with AI/ML insights

By Mandeep Singh on April 20, 2023 featured

5 minute read time

Developer-targeted malware is a complex and difficult problem. A look at what tools and information are needed to reduce risk in your development pipeline.

[New live series] Dev Chat with Dan Conn: Beware of malware

By Sonatype on March 20, 2023 News and Views

1 minute read time

Introducing our new monthly live stream series: Dev Chat with Dan Conn. Tune in for snack-sized episodes covering the latest issues DevOps professionals face.

Attacker floods PyPI with 1000s of malicious packages that drop Windows trojan via Dropbox

By Ax Sharma on February 26, 2023 vulnerabilities

3 minute read time

A threat actor has infiltrated the PyPI software registry with 1,000s of malicious packages at one time.

Intro to malware analysis: Analyzing Python malware

By Juan Aguirre on January 19, 2023 python

11 minute read time

Understanding malware analysis and the process of researching security vulnerabilities is the first step toward implementing best practices.