Sonatype Introduces Next Generation Dependency Management | Press Release

Sonatype Spots 275+ Malicious npm Packages Copying Recent Software Supply Chain Attacks that Hit 35 Organizations

By Ax Sharma on February 12, 2021 vulnerabilities
48 hours after a security researcher breached 35+ tech companies in a novel software supply chain attack, Sonatype’s Nexus Intelligence flagged 150+ copycat npm packages published by different
Read More...

Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Organizations

By Ax Sharma on February 09, 2021 vulnerabilities
A security researcher managed to breach systems of over 35 tech companies in what has been described as a novel software supply chain attack.
Read More...

CursedGrabber strikes again: Sonatype spots new malware campaign against Software Supply Chains

Sonatype has determined those behind the CursedGrabber Discord malware family, have published a new malware campaign against software supply chains
Read More...

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

Sonatype removed 3 malicious open-source Java components from Maven Central targeting popular software releases, stopping a software supply chain attack.
Read More...

2 New RubyGems laced with cryptocurrency stealing malware taken down

By Ax Sharma on December 16, 2020 vulnerabilities
RubyGems removed 2 gems from its repo that contained malicious code. When run, it infected Windows machines and replaced any cryptocurrency wallet address it found on the user’s clipboard with the
Read More...

There’s a RAT in my code: new npm malware with Bladabindi trojan spotted

By Ax Sharma on December 01, 2020 vulnerabilities
Sonatype discovered new malware within the npm registry, jdb.js and db-json.js This time, the typosquatting packages are laced with a popular Remote Access Trojan (RAT).
Read More...

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

By Ax Sharma on November 16, 2020 vulnerabilities
Sonatype has discovered more malware in the npm registry, xpc.js, which has led to the discovery of a novel and large scale malware campaign leveraging the open-source ecosystem.
Read More...

Discord.dll: successor to npm “fallguys” malware went undetected for 5 months

By Ax Sharma on November 09, 2020 vulnerabilities
Sonatype has identified a series of counterfeit components in the npm ecosystem, Discord.dll, that are similar to the malicious “fallguys” npm package discovered in Sept.
Read More...

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

By Ax Sharma on November 08, 2020 github
Gitpaste-12, a worming botnet, is extremely versatile in its advanced capabilities as it leverages trustworthy sites like GitHub and Pastebin to host itself.
Read More...