This Week in Malware - Over 70 Packages Discovered

By Aaron Linskens on October 28, 2022 vulnerabilities

2 minute read time

This week, we discovered and analyzed six dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

This Week in Malware - Nearly 40 Packages Discovered

By Aaron Linskens on October 21, 2022 vulnerabilities

2 minute read time

This week in malware, we discovered and analyzed nearly 40 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

This Week in Malware - Over 50 Packages Discovered

By Aaron Linskens on October 14, 2022 vulnerabilities

2 minute read time

This week we discovered and analyzed nearly 5 dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

This Week in Malware - Over 100 Packages Discovered

By Aaron Linskens on October 07, 2022 vulnerabilities

6 minute read time

This week in malware, we discovered and analyzed more than 100 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

This Week in Malware - 135 Packages Target npm and PyPI Registries

By Aaron Linskens on September 30, 2022 vulnerabilities

3 minute read time

This week in malware, we discovered and analyzed 135 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

This Week in Malware—Ongoing Dependency Confusion

By Ax Sharma on September 09, 2022 vulnerabilities

4 minute read time

This week in malware, Sonatype's automated malware detection systems have spotted over four dozen dependency confusion candidates.

This Week in Malware—Cryptominers Flood npm, PyPI, and More Dependency Confusion

By Hernán Ortiz on August 19, 2022 vulnerabilities

2 minute read time

This week Sonatype discovered 200+ npm and PyPI packages that are cryptominers, with additional packages comprising dependency confusion PoCs.

More Than 200 Cryptomining Packages Flood npm and PyPI Registry

By Ax Sharma on August 19, 2022 vulnerabilities

5 minute read time

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

Wicked Good Development Episode 13: Hacks and Ax, July Edition

By Kadi Grigg on August 03, 2022 npm

13 minute read time

Ax Sharma, a security researcher at Sonatype and tech journalist, joins Kadi and Omar for his monthly update on protestware and ransomware.