Featured Article

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

PyPI attackers still at it: Malicious packages drop trojans and info-stealers

By Ax Sharma on June 22, 2023 vulnerability

3 minute read time

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.
Read More...
READ MORE

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

By Ax Sharma on May 24, 2022 vulnerabilities

5 minute read time

Popular Python package 'ctx' that is downloaded over 22,000 times weekly on PyPI registry has been compromised and now steals environment variables.
Read More...
READ MORE

New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux

By Ax Sharma on May 20, 2022 vulnerabilities

5 minute read time

The 'pymafka' PyPI package is filled with trojans targeting Windows, macOS & Linux users and appears to typosquat the popular PyKafka.
Read More...
GettyImages-473158924
READ MORE

Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

By Elisa Velarde on September 27, 2019 vulnerabilities

4 minute read time

In this month's Nexus Intelligence Insights, we're covering CVE-2019-15753: a MAC address aging vulnerability that opens up the potential for a DoS and.
Read More...