Skip Navigation

From feature to vulnerability: A Spring-Security-oauth2-Client story

By Juan Aguirre on August 27, 2021 vulnerabilities

5 minute read time

Taking a deeper dive into a Spring vulnerability and understanding how lack of control over resources can lead to a DoS (Denial of Service).
Read More...

Damaging Linux and Mac malware bundled within Browserify npm brandjack attempt

By Ax Sharma on April 13, 2021 vulnerabilities

7 minute read time

New malware exists in a brandjacking npm package called web-browserify that imitates the legitimate browserify component
Read More...

Deep diving into CVE-2021-22114 spring-integration-zip path traversal

By Juan Aguirre on March 31, 2021 vulnerabilities

3 minute read time

We take a deep dive into CVE-2021-22114, which is causing problems for the second time.
Read More...

Netmask flaw leaves millions vulnerable while a PHP Git server is hacked in software supply chain attack

By Ax Sharma on March 29, 2021 vulnerabilities

4 minute read time

2 critical software supply chain attacks were uncovered today.
Read More...

PyPI and npm flooded with over 5,000 dependency confusion copycats

By Ax Sharma on March 03, 2021 vulnerabilities

4 minute read time

Both PyPi and npm are being inundated with malicious dependency confusion packages.
Read More...

Newly identified dependency confusion packages target Amazon, Zillow, and Slack; Go beyond just bug bounties

By Ax Sharma on March 01, 2021 vulnerabilities

9 minute read time

Malicious npm dependency confusion packages exfiltrate your bash_history and /etc/shadow files
Read More...

Sonatype spots 275+ malicious npm packages copying recent software supply chain attacks that hit 35 organizations

By Ax Sharma on February 12, 2021 vulnerabilities

7 minute read time

48 hours after a security researcher breached 35+ tech companies in a novel software supply chain attack, Sonatype’s Nexus Intelligence flagged 150+ copycat.
Read More...

Dependency hijacking software supply chain attack hits more than 35 organizations

By Ax Sharma on February 09, 2021 vulnerabilities

9 minute read time

A security researcher managed to breach systems of over 35 tech companies in what has been described as a novel software supply chain attack.
Read More...

CursedGrabber strikes again: Sonatype spots new malware campaign against software supply chains

3 minute read time

Sonatype has determined those behind the CursedGrabber Discord malware family, have published a new malware campaign against software supply chains
Read More...