Featured Article

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

By Aaron Linskens on September 12, 2023 Software Supply Chain

Explore the influence of generative AI in software development via the results of Sonatype's recent survey involving 400 DevOps and 400 SecOps leaders

Read More

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

By Ax Sharma on August 03, 2023 Open Source

3 minute read time

A malicious PyPI package ‘VMConnect’ designed to resemble VMware vSphere Connector Module was caught by Sonatype’s automated malware detection systems

Read More...

“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

By Ax Sharma on July 17, 2023 PyPI

3 minute read time

A malicious PyPI package called ‘feur’ was caught by Sonatype’s automated malware detection systems

Read More...

PyPI attackers still at it: Malicious packages drop trojans and info-stealers

By Ax Sharma on June 22, 2023 vulnerability

3 minute read time

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.

Read More...

Malware Monthly - March 2023

By Sonatype Developer Relations on April 11, 2023 vulnerabilities

12 minute read time

March 2023's Malware Monthly dives into a series of information stealers uploaded to the PyPI registry, the latest OpenAI data leak, and more.

Read More...

Computer screen with code that looks like a human skull

ChatGPT data leak and Redis race condition vulnerability that remains unfixed

By Ax Sharma on March 27, 2023 vulnerability

4 minute read time

Last week's OpenAI payment data and chat history leak involved a Race Condition vulnerability in an open source component, Redis.

Read More...

Top 8 malicious attacks recently found on PyPI

By Sonatype Developer Relations on March 16, 2023 vulnerabilities

13 minute read time

Eight malicious attacks on PyPI recently caught our Security Research Team's eye. Get the details about the actions and motivations of the attackers.

Read More...

Malware Monthly - February 2023

By Sonatype Developer Relations on March 09, 2023 vulnerabilities

8 minute read time

The February 2023 edition of Malware Monthly shares insights into copycat information stealers, malware linked to video game mods, and more.

Read More...

How stolen information stealers are fueling an underground market

By Hernán Ortiz on February 27, 2023 Known Vulnerabilities

9 minute read time

A look at the tactics, techniques, and procedures used to deploy a series of information stealers being uploaded to the PyPI registry.

Read More...

Man with a computer as a head with a skull and crossbones image on it

Attacker floods PyPI with 1000s of malicious packages that drop Windows trojan via Dropbox

By Ax Sharma on February 26, 2023 vulnerabilities

3 minute read time

A threat actor has infiltrated the PyPI software registry with 1,000s of malicious packages at one time.

Read More...

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

PyPI attackers still at it: Malicious packages drop trojans and info-stealers

Malware Monthly - March 2023

ChatGPT data leak and Redis race condition vulnerability that remains unfixed

Top 8 malicious attacks recently found on PyPI

Malware Monthly - February 2023

How stolen information stealers are fueling an underground market

Attacker floods PyPI with 1000s of malicious packages that drop Windows trojan via Dropbox

Secure your software supply chain

Subscribe for all the latest software security news and events