npm packages caught exfiltrating Kubernetes config, SSH keys

By Ax Sharma on September 19, 2023 npm

4 minute read time

Sonatype tracks an ongoing campaign that uses npm packages to retrieve and exfiltrate Kubernetes configuration and SSH keys to an external server

New npm PoC packages target PayPal Zettle, Airbnb developers

By Ax Sharma on September 12, 2023 npm

4 minute read time

Sonatype identified npm packages that exploit dependency confusion, named after internal dependencies purportedly used by PayPal Zettle and Airbnb

npm manifest confusion – What is it and do you really need to worry about it?

By Ax Sharma on June 28, 2023 npm

4 minute read time


Malware Monthly - March 2023

12 minute read time

March 2023's Malware Monthly dives into a series of information stealers uploaded to the PyPI registry, the latest OpenAI data leak, and more.

Malware Monthly - February 2023

8 minute read time

The February 2023 edition of Malware Monthly shares insights into copycat information stealers, malware linked to video game mods, and more.

Malware Monthly - January 2023

11 minute read time

January 2023's Malware Monthly covers malware that rejects virtual machines, Linux crypto miners, evasive variants of RAT mutants, and more.

Malware Monthly - December 2022

10 minute read time

Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.

This Week in Malware - Over 70 Packages Discovered

By Aaron Linskens on October 28, 2022 vulnerabilities

2 minute read time

This week, we discovered and analyzed six dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

This Week in Malware - Nearly 40 Packages Discovered

By Aaron Linskens on October 21, 2022 vulnerabilities

2 minute read time

This week in malware, we discovered and analyzed nearly 40 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.