Skip Navigation
Book a Demo
Book a Demo

Featured Article

Sonatype Named in the 2023 Gartner® Magic Quadrant™ for Application Security Testing

By Tara Flynn Condon on May 23, 2023 AppSec

Sonatype is named to the 2023 Gartner Magic Quadrant for Application Security Testing (AST).

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

This Week in Malware—Ongoing Dependency Confusion

By Ax Sharma on September 09, 2022 vulnerabilities

4 minute read time

This week in malware, Sonatype's automated malware detection systems have spotted over four dozen dependency confusion candidates.
Read More...
Image of bugs on a screen
READ MORE

This Week in Malware— Cryptominers Flood npm, PyPI, and More Dependency Confusion

By Hernán Ortiz on August 19, 2022 vulnerabilities

2 minute read time

This week Sonatype discovered 200+ npm and PyPI packages that are cryptominers, with additional packages comprising dependency confusion PoCs.
Read More...
READ MORE

More Than 200 Cryptomining Packages Flood npm and PyPI Registry

By Ax Sharma on August 19, 2022 vulnerabilities

5 minute read time

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
Read More...
Wicket Good Development headline image (hands on a keyboard)
READ MORE

Wicked Good Development Episode 13: Hacks and Ax, July Edition

By Kadi Grigg on August 03, 2022 npm

13 minute read time

Ax Sharma, a security researcher at Sonatype and tech journalist, joins Kadi and Omar for his monthly update on protestware and ransomware.
Read More...
READ MORE

StringJS Typosquat Deploys Discord Infostealer Obfuscated Five Times

By Ax Sharma on July 26, 2022 vulnerabilities

4 minute read time

An npm package called 'stringjs_lib' identified by Sonatype this week typosquats the popular npm library 'string' (or StringJS) to ship an obfuscated info-stealer obfuscated not one, five times.
Read More...
READ MORE

This Week in Malware—John Deere Dependency Confusion Attempt and More

By Ax Sharma on July 22, 2022 vulnerabilities

3 minute read time

We discovered and analyzed 17 packages, at least a dozen of which were dependency confusion PoCs directly targeting the agricultural equipment giant John Deere (Deere & Company). An additional 42
Read More...
READ MORE

John Deere Dependency Confusion Attempt Flagged by Sonatype

By Ax Sharma on July 21, 2022 vulnerabilities

4 minute read time

Sonatype identified 17 npm packages, at least 12 of which directly target John Deere's private npm dependencies via dependency confusion, a technique that continues to repeatedly be employed by bug
Read More...
READ MORE

This Week in Malware—July 15th Edition

By Ax Sharma on July 15, 2022 vulnerabilities

2 minute read time

This Week in Malware we identified over 34 npm and PyPI packages that are either dependency confusion candidates, prank packages, contain PoC reverse shell code, or otherwise contain extensive
Read More...
READ MORE

This Week in Malware—Python Cryptominers, 345 Dependency Confusion Packages

By Ax Sharma on July 01, 2022 vulnerabilities

17 minute read time

This week's highlights include a PyPI typosquat that drops a cryptominer and AWS credential stealer, along with an influx of 345 dependency confusion packages caught by Sonatype's automated malware
Read More...