Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

7 minute read time

The Sonatype Security Research team has identified over 15,000 npm packages that flood the npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

By Jeff Wayman on December 14, 2023 vulnerabilities

6 minute read time

The recent identification of CVE-2023-50164 in Apache Struts is quite similar to other vulnerabilities Sonatype has seen and covered in the past.

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

By Ilkka Turunen on December 14, 2023 vulnerabilities

3 minute read time

Sonatype covers how Ledger, a maker of hardware wallets for storing crypto, identified malicious software embedded in one of their open source packages

A closer look: Differentiating software vulnerabilities and malware

By Aaron Linskens on July 11, 2023 vulnerabilities

7 minute read time

Vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain

Malware Monthly - March 2023

12 minute read time

March 2023's Malware Monthly dives into a series of information stealers uploaded to the PyPI registry, the latest OpenAI data leak, and more.

Sonatype Repository Firewall is an easy solution for a big problem

6 minute read time

Discover Sonatype Repository Firewall's AI-driven protection for SDLCs, blocking malicious components and ensuring a more secure software supply chain.

Manage open source risk with improved malware detection

5 minute read time

Malware targeting developers remains a major concern. Learn what your organization can do to keep cybersecurity risks out of your development pipeline.

[New live series] Dev Chat with Dan Conn: Beware of malware

By Sonatype on March 20, 2023 News and Views

1 minute read time

Introducing our new monthly live stream series: Dev Chat with Dan Conn. Tune in for snack-sized episodes covering the latest issues DevOps professionals face.

Top 8 malicious attacks recently found on PyPI

13 minute read time

Eight malicious attacks on PyPI recently caught our Security Research Team's eye. Get the details about the actions and motivations of the attackers.