Featured Article

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

By Aaron Linskens on September 12, 2023 Software Supply Chain

Explore the influence of generative AI in software development via the results of Sonatype's recent survey involving 400 DevOps and 400 SecOps leaders

Read More

Developers Need Two Things: The Nexus Platform and a Full Pot of Coffee

By Austin Bradley on December 13, 2022 Nexus Lifecycle

5 minute read time

Waiting too long to invest in security is too common. Sonatype's Nexus platform helps orgs protect themselves from known and unknown vulnerabilities.

Read More...

The Magic Behind Over 101,000 Malicious Packages Discovered and Blocked

By Chris Good on November 08, 2022 Nexus Firewall

3 minute read time

A look at how Sonatype software is protecting development teams and software with the industry-leading tools.

Read More...

Arming the Defender Force and Securing the Software Supply Chain: Helping Developers Implement CISA Best Practices - Part 1

By Eric Hill on September 19, 2022 Nexus Lifecycle

4 minute read time

Sonatype's Nexus Platform helps give DevSecOps practitioners the tools they need to help secure the software supply chain against malicious cyber attacks.

Read More...

This Week in Malware—Killing Windows Defender With an npm Package

By Ax Sharma on June 17, 2022 vulnerabilities

3 minute read time

This Week in Malware we discuss a malicious npm package that disables Windows Defender before dropping a trojan, and ongoing dependency confusion findings.

Read More...

npm Package Disables Windows Defender Before Dropping Trojan

By Ax Sharma on June 13, 2022 vulnerabilities

4 minute read time

npm package 'flame-vali' makes multiple attempts to disable Windows Defender on the infected system before downloading a cryptominer.

Read More...

This Week in Malware—npm Malware Exfiltrates Windows SAM, Amazon EC2 Credentials

By Ax Sharma on June 10, 2022 vulnerabilities

4 minute read time

Malicious packages caught this week exfiltrate Amazon EC2, Windows SAM credentials, and launch malicious executables.

Read More...

This Week in Malware—Malicious Rust crate, 'colors' Typosquats

By Ax Sharma on May 14, 2022 vulnerabilities

6 minute read time

From a malcious Rust typosquat found in the crates[.]io repository to ongoing typosquatting attacks on 'colors' library, the OSS security problem hasn't gone away just yet.

Read More...

This Week in Malware—Apache Kafka Typosquats, Shorthand Data Exfiltration

By Ax Sharma on May 06, 2022 vulnerabilities

4 minute read time

This Week In Malware—May 6th edition: Apache Kafka typosquat, and a simple distraction technique.

Read More...

npm Package Downloads Another Package While Exfiltrating Your IP Address and Username

By Ax Sharma on May 06, 2022 vulnerabilities

5 minute read time

On any given day we analyze hundreds of suspicious npm and PyPI packages, but this one stood out to us. An npm package that downloads another empty npm package?

Read More...

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

Developers Need Two Things: The Nexus Platform and a Full Pot of Coffee

The Magic Behind Over 101,000 Malicious Packages Discovered and Blocked

Arming the Defender Force and Securing the Software Supply Chain: Helping Developers Implement CISA Best Practices - Part 1

This Week in Malware—Killing Windows Defender With an npm Package

npm Package Disables Windows Defender Before Dropping Trojan

This Week in Malware—npm Malware Exfiltrates Windows SAM, Amazon EC2 Credentials

This Week in Malware—Malicious Rust crate, 'colors' Typosquats

This Week in Malware—Apache Kafka Typosquats, Shorthand Data Exfiltration

npm Package Downloads Another Package While Exfiltrating Your IP Address and Username

Secure your software supply chain

Subscribe for all the latest software security news and events