Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

This Week in Malware — Killing Windows Defender with an npm package

By Ax Sharma on June 17, 2022 vulnerabilities

3 minute read time

This Week in Malware we discuss a malicious npm package that disables Windows Defender before dropping a trojan, and ongoing dependency confusion findings.
Read More...
READ MORE

This Week in Malware — npm malware exfiltrates Windows SAM, Amazon EC2 credentials

By Ax Sharma on June 10, 2022 vulnerabilities

4 minute read time

Malicious packages caught this week exfiltrate Amazon EC2, Windows SAM credentials, and launch malicious executables.
Read More...
READ MORE

This Week in Malware — Malicious Rust crate, 'colors' typosquats

By Ax Sharma on May 14, 2022 vulnerabilities

5 minute read time

From a malcious Rust typosquat found in the crates[.
Read More...
READ MORE

This Week in Malware — Apache Kafka typosquats, shorthand data exfiltration

By Ax Sharma on May 06, 2022 vulnerabilities

4 minute read time

This Week In Malware—May 6th edition: Apache Kafka typosquat, and a simple distraction technique.
Read More...
READ MORE

This Week in Malware - Special edition on protestware and a Struts RCE deja vu

By Ax Sharma on April 15, 2022 vulnerabilities

4 minute read time

In a special edition of This Week in Malware, we change focus and look at protestware and the tale of a two-year-old Struts bug that's returned.
Read More...
READ MORE

This Week in Malware — VMware, secrets, and security by obscurity

By Ax Sharma on April 08, 2022 vulnerabilities

2 minute read time

This week in malware digest for 8th April 2022: VMWare dependency confusion attempt and the importance of secrets management.
Read More...
READ MORE

This Week in Malware — A 'fix-crash' info-stealer and 500+ malicious npm packages

By Ax Sharma on April 01, 2022 vulnerabilities

6 minute read time

This week in malware—Dive Deep into this week's findings from Sonatype's automated malware detection system.
Read More...