New Log4j 1.x CVEs, and critical Chainsaw vulnerability — What to do?

By Ax Sharma on January 21, 2022 vulnerabilities

5 minute read time

Apache disclosed 3 vulns impacting Log4j 1.x versions, which included info on a critical Apache Chainsaw vulnerability buried within.

Log4j exploits are now being used to spread Dridex banking Trojan

By Ax Sharma on December 21, 2021 vulnerabilities

5 minute read time

Log4shell exploits are now being leveraged by threat actors to infect Windows machines with the Dridex Trojan and Linux devices with Meterpreter.

Log4shell by the numbers - Why did CVE-2021-44228 set the internet on fire?

By Ilkka Turunen on December 14, 2021 vulnerabilities

6 minute read time

What the download numbers tell us about the impact of the critical vulnerability CVE-2021-44228.

What is the Log4j exploit?

By Ilkka Turunen on December 10, 2021 vulnerabilities

7 minute read time

A serious 0-day Remote Code Execution exploit in Log4j, the most popular Java logging framework, was discovered today.

Tracking the 'Noblox.js' npm malware campaign

By Juan Aguirre on November 23, 2021 vulnerabilities

4 minute read time

Another malicious npm package, noblox.js-rpc, was spotted on the registry; it leverages familiar techniques to steal all sorts of sensitive data.

npm hijackers at it again: Popular 'coa' and 'rc' open source libraries taken over to spread malware

By Juan Aguirre on November 05, 2021 vulnerabilities

6 minute read time

The npm coa and rc packages were hijacked via an account takeover, again highlighting the need to protect your open source software supply chains.

Fake npm Roblox API package installs ransomware and has a spooky surprise

By Juan Aguirre on October 27, 2021 vulnerabilities

11 minute read time

A fake npm Roblox API package discovered by Sonatype uncovers the first known ransomware maliciously placed in a typosquatted open source package.

Popular npm project used by millions hijacked in supply-chain attack

By Ax Sharma on October 25, 2021 vulnerabilities

7 minute read time

Companies are assessing the impact of the compromise of a popular npm project that may have introduced cryptominers and password stealers into their systems.

Newly found npm malware mines cryptocurrency on Windows, Linux, macOS devices

By Ax Sharma on October 20, 2021 vulnerabilities

5 minute read time

Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month.