The shifting landscape of open source supply chain attacks - Part 2

By Brian Fox on January 25, 2023 thought leaders

11 minute read time

Sonatype's Brian Fox delves into how bad actors and cybercriminals are attacking the software supply chain, and how cyberattacks continue to evolve.
Read More...

PyTorch namespace (dependency) confusion attack

By Ilkka Turunen on January 04, 2023 News

4 minute read time

During the 2022 holiday season, a dependency confusion attack targeted PyTorch. Here's what users of PyTorch-NightlyBuild need to know.
Read More...

Are you still wondering about dependency confusion attacks?

By Luke Mcbride on June 03, 2021 featured

4 minute read time

Despite positive legislation and standards, open source software supply chains remain vulnerable to Dependency Confusion attacks by impersonating legitimate.
Read More...

Malicious Attacks On Open Source Are Going to Get Worse: Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability

2 minute read time

Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities.
Read More...

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

By Brian Fox on November 27, 2018 vulnerabilities

3 minute read time

Open source software is under attack, and the malicious attack on the popular npm event-stream 3 package, is just the latest proof.
Read More...

Who Cares if Supermicro Happened. Supply Chain Attacks are Real and It’s Time to Pay Attention

3 minute read time

Technology supply chain attacks are happening in the wild, and whether or not the Supermicro story is real, it should be a wake-up call for all of us.
Read More...