
New Year, New CVE: a Deep Dive into the ‘node-forge’ (CVE-2022-0122)

By Juan Aguirre on January 25, 2022 | vulnerabilities
There's no better way to kick off the new year than with an analysis of an open source vulnerability affecting the popular node-forge component on npm.

'Faker' npm Library Gets New Home After Dev Throws in the Towel

By Ax Sharma on January 18, 2022 | npm
Reputable maintainers have taken over the popular (and crucial) open source component "Faker", and it's already seeing traction.

Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt

By Ax Sharma on April 13, 2021 | vulnerabilities
New malware was found in a brandjacking npm package called web-browserify that imitates the legitimate browserify component.

Netmask Flaw Leaves Millions Vulnerable While a PHP Git Server is Hacked in Software Supply Chain Attack

By Ax Sharma on March 29, 2021 | vulnerabilities
Two critical software supply chain security incidents were uncovered today: an improper input validation vulnerability in the npm component netmask, and an attack on PHP’s Git server.

There’s a RAT in my code: new npm malware with Bladabindi trojan spotted

By Ax Sharma on December 01, 2020 | vulnerabilities
Sonatype discovered new malware within the npm registry, jdb.js and db-json.js. This time, the typosquatting packages are laced with a popular Remote Access Trojan (RAT).

Discord squashes critical Electron bugs: open source attacks continue to grow

By Ax Sharma on October 21, 2020 | Nexus Lifecycle
Discord recently patched a set of critical vulnerabilities that could allow a skilled attacker to gain Remote Code Execution on users’ desktop app.

From Prototype Pollution to full-on remote code execution, how can adversaries exploit npm modules?

By Ax Sharma on August 19, 2020 | vulnerabilities
August's Nexus Intelligence Insight looks at the Node.js component express-fileupload, which has a critical Prototype Pollution vulnerability.
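To show what a Prototype Pollution bug of this class looks like in practice, here is an added example (not code from express-fileupload or from the post above): a naive recursive merge that walks attacker-controlled keys, including `__proto__`, into `Object.prototype`, beside a hardened merge that refuses prototype-related keys. The JSON payload and the `isAdmin` property name are constructed for illustration.

```javascript
'use strict';

// Keys that must never be used to walk or write into a merge target.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: iterates every own key of `source`, including "__proto__".
// Reading target["__proto__"] yields Object.prototype, so the recursion
// writes attacker-chosen properties onto every object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const val = source[key];
    if (isPlainObject(val)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened: skip prototype-related keys and only descend into properties
// that `target` actually owns, never into inherited ones.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const val = source[key];
    if (isPlainObject(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Constructed payload: the shape an attacker-controlled JSON body or
// multipart field name could carry. JSON.parse keeps "__proto__" as an
// own property, which is exactly what the vulnerable merge then walks.
const PAYLOAD = '{"__proto__":{"isAdmin":true}}';

// Runs one merge of the payload into an empty object and reports whether
// an unrelated, freshly created object now inherits `isAdmin`.
function demonstrate(mergeFn) {
  mergeFn({}, JSON.parse(PAYLOAD));
  const unrelated = {};
  const leaked = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin; // undo any pollution so later code is unaffected
  return leaked;
}

console.log('unsafeMerge pollutes Object.prototype:', demonstrate(unsafeMerge)); // true
console.log('safeMerge pollutes Object.prototype:', demonstrate(safeMerge));     // false
```

Denying `__proto__`, `constructor` and `prototype` is the minimum; parsers that build nested objects from dotted field names need the same check on every path segment, and using `Object.create(null)` for the containers removes the inherited prototype altogether.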

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

By Kevin Miller on July 07, 2020 | github
Pull Request line comments highlight code that introduces a policy violation. This gives developers the information needed to remediate security risks.

Custom Node Module Management using Private npm Registry Configured in Nexus Repository

By Nipun Thilakshan on June 17, 2020 | How-To
How to configure a private npm registry in Sonatype Nexus Repository, and how to publish and consume custom Node.js modules in your projects.