Intro to Malware Analysis: Analyzing Python Malware

By Juan Aguirre on January 19, 2023 Nexus Firewall

11 minute read time

Understanding malware analysis and the process of researching security vulnerabilities is the first step toward implementing best practices.
Read More...

Developers Need Two Things: The Nexus Platform and a Full Pot of Coffee

By Austin Bradley on December 13, 2022 Nexus Lifecycle

5 minute read time

Waiting too long to invest in security is too common. Sonatype's Nexus platform helps orgs protect themselves from known and unknown vulnerabilities.
Read More...

The Magic Behind Over 101,000 Malicious Packages Discovered and Blocked

By Chris Good on November 08, 2022 Nexus Firewall

3 minute read time

A look at how Sonatype software is protecting development teams and software with the industry-leading tools.
Read More...

Arming the Defender Force and Securing the Software Supply Chain: Helping Developers Implement CISA Best Practices - Part 1

By Eric Hill on September 19, 2022 Nexus Lifecycle

4 minute read time

Sonatype's Nexus Platform helps give DevSecOps practitioners the tools they need to help secure the software supply chain against malicious cyber attacks.
Read More...

More Than 200 Cryptomining Packages Flood npm and PyPI Registry

By Ax Sharma on August 19, 2022 vulnerabilities

5 minute read time

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
Read More...

PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero

By Ax Sharma on August 11, 2022 vulnerabilities

7 minute read time

Sonatype identified a 'secretslib' PyPI package that covertly installs cryptominers on Linux systems.
Read More...

Ransomware in PyPI: Sonatype Spots 'Requests' Typosquats

By Ax Sharma on August 02, 2022 vulnerabilities

8 minute read time

Sonatype has spotted multiple typosquats of the popular Python library, 'requests' that contain ransomware scripts.
Read More...

StringJS Typosquat Deploys Discord Infostealer Obfuscated Five Times

By Ax Sharma on July 26, 2022 vulnerabilities

4 minute read time

An npm package called 'stringjs_lib' identified by Sonatype this week typosquats the popular npm library 'string' (or StringJS) to ship an obfuscated info-stealer obfuscated not one, five times.
Read More...

This Week in Malware—Show Me Your Secrets!

By Ax Sharma on June 24, 2022 vulnerabilities

3 minute read time

These Python packages not only exfiltrate your secrets—AWS credentials and environment variables but rather upload these to a publicly exposed endpoint.
Read More...