Featured Article
Introducing our 9th annual State of the Software Supply Chain report
npm packages caught exfiltrating Kubernetes config, SSH keys
4 minute read time
Sonatype tracks an ongoing campaign that uses npm packages to retrieve and exfiltrate Kubernetes configuration and SSH keys to an external server
Read More...
New npm PoC packages target PayPal Zettle, Airbnb developers
4 minute read time
Sonatype identified npm packages that exploit dependency confusion, named after internal dependencies purportedly used by PayPal Zettle and Airbnb
Read More...
npm manifest confusion – what is it and do you really need to worry about it?
Read More...
Malware Monthly - March 2023
12 minute read time
March 2023's Malware Monthly dives into a series of information stealers uploaded to the PyPI registry, the latest OpenAI data leak, and more.
Read More...
Malware Monthly - February 2023
8 minute read time
The February 2023 edition of Malware Monthly shares insights into copycat information stealers, malware linked to video game mods, and more.
Read More...
Malware Monthly - January 2023
11 minute read time
January 2023's Malware Monthly covers malware that rejects virtual machines, Linux crypto miners, evasive variants of RAT mutants, and more.
Read More...
Malware Monthly - December 2022
10 minute read time
Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.
Read More...
This Week in Malware - Over 70 Packages Discovered
2 minute read time
This week, we discovered and analyzed six dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.
Read More...
This Week in Malware - Nearly 40 Packages Discovered
2 minute read time
This week in malware, we discovered and analyzed nearly 40 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.
Read More...