Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

Protecting software developers from malware with AI/ML insights

By Mandeep Singh on April 20, 2023 featured

5 minute read time

Developer-targeted malware is a complex and difficult problem. A look at what tools and information are needed to reduce risk in your development pipeline.

Read More...

Sonatype Repository Firewall is an easy solution for a big problem

By Audra Davis-Hurst on April 03, 2023 secure software supply chain

6 minute read time

Discover Sonatype Repository Firewall's AI-driven protection for SDLCs, blocking malicious components and ensuring a more secure software supply chain.

Read More...

Top 8 malicious attacks recently found on PyPI

By Sonatype Developer Relations on March 16, 2023 vulnerabilities

13 minute read time

Eight malicious attacks on PyPI recently caught our Security Research Team's eye. Get the details about the actions and motivations of the attackers.

Read More...

Malware Monthly - January 2023

By Sonatype Developer Relations on February 10, 2023 vulnerabilities

11 minute read time

January 2023's Malware Monthly covers malware that rejects virtual machines, Linux crypto miners, evasive variants of RAT mutants, and more.

Read More...

Intro to malware analysis: Analyzing Python malware

By Juan Aguirre on January 19, 2023 python

11 minute read time

Understanding malware analysis and the process of researching security vulnerabilities is the first step toward implementing best practices.

Read More...

Developers need two things: The Sonatype Platform and a full pot of coffee

By Austin Bradley on December 13, 2022 Sonatype Platform

5 minute read time

Waiting too long to invest in security is too common. Sonatype's Nexus platform helps orgs protect themselves from known and unknown vulnerabilities.

Read More...

The magic behind over 101,000 Malicious packages discovered and blocked

By Chris Good on November 08, 2022 Product

3 minute read time

A look at how Sonatype software is protecting development teams and software with the industry-leading tools.

Read More...

Arming the defender force and securing the software supply chain: Helping developers implement CISA best practices - Part 1

By Eric Hill on September 19, 2022 secure software supply chain

4 minute read time

Sonatype's Nexus Platform helps give DevSecOps practitioners the tools they need to help secure the software supply chain against malicious cyber attacks.

Read More...

More than 200 cryptomining packages flood npm and PyPI registry

By Ax Sharma on August 19, 2022 vulnerabilities

5 minute read time

More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.

Read More...

Previous Next

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

Protecting software developers from malware with AI/ML insights

Sonatype Repository Firewall is an easy solution for a big problem

Top 8 malicious attacks recently found on PyPI

Malware Monthly - January 2023

Intro to malware analysis: Analyzing Python malware

Developers need two things: The Sonatype Platform and a full pot of coffee

The magic behind over 101,000 Malicious packages discovered and blocked

Arming the defender force and securing the software supply chain: Helping developers implement CISA best practices - Part 1

More than 200 cryptomining packages flood npm and PyPI registry

Secure your software supply chain

Subscribe for all the latest software security news and events