Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Cyber Mayhem - Attackers Actively Exploit Vulnerable Confluence Servers, while 500,000 Fortinet VPNs See Passwords Leaked

By Ax Sharma on September 13, 2021 vulnerabilities
Last week severe zero-days in Atlassian Confluence, Fortinet devices, and Microsoft Office all needed patching following active exploits.
Read More...

From Feature to Vulnerability: a spring-security-oauth2-client Story

By Juan Aguirre on August 27, 2021 vulnerabilities
Taking a deeper dive into a Spring vulnerability and understanding how lack of control over resources can lead to a DoS (Denial of Service).
Read More...

What Constitutes a Software Supply Chain Attack?

By Ax Sharma on August 03, 2021 vulnerabilities
ENISA feels the term software supply chain attack is overused, so what does constitute a supply chain attack?
Read More...

This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites

By Ax Sharma on July 16, 2021 vulnerabilities
Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS, that threatened the security, integrity, and availability of the wider supply chain.
Read More...

Kaseya Ransomware: a Software Supply Chain Attack or Not?

By Matt Howard on July 06, 2021 vulnerabilities
As companies scramble to address and resolve this devastating attack, we look at what makes a supply chain and what it takes to address upstream attacks.
Read More...

Sonatype Catches New PyPI Cryptomining Malware

By Ax Sharma on June 21, 2021 vulnerabilities
New malicious typosquatting packages infiltrating the PyPI repository identified that secretly pull in cryptominers.
Read More...

What You Need to Know about the Codecov Incident: A Supply Chain Attack Gone Undetected for 2 Months

By Ax Sharma on April 19, 2021 vulnerabilities
A new software supply chain attack on software testing firm Codecov highlights why developers to take an active role in protecting their systems.
Read More...

Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt

By Ax Sharma on April 13, 2021 vulnerabilities
New malware exists in a brandjacking npm package called web-browserify that imitates the legitimate browserify component
Read More...

Meet the Developers Behind Sonatype’s Automated Malware Detection System Securing Open Source Supply Chains

By Ax Sharma on April 08, 2021 vulnerabilities
Meet the principal software engineers behind Sonatype's automated malware detection system, Release Integrity.
Read More...