Featured Article
New Design, New Features: Maven Central Improvements for Developers
Last week's OpenAI payment data and chat history leak involved a Race Condition vulnerability in an open source component, Redis.
Read More...
Top 8 Malicious Attacks Recently Found On PyPI
13 minute read time
Eight malicious attacks on PyPI recently caught our Security Research Team's eye. Get the details about the actions and motivations of the attackers.
Read More...
Malware Monthly - February 2023
8 minute read time
The February 2023 edition of Malware Monthly shares insights into copycat information stealers, malware linked to video game mods, and more.
Read More...
Attacker Floods PyPI With 1000s of Malicious Packages That Drop Windows Trojan via Dropbox
3 minute read time
A threat actor has infiltrated the PyPI software registry with 1,000s of malicious packages at one time.
Read More...
Malware Monthly - January 2023
11 minute read time
January 2023's Malware Monthly covers malware that rejects virtual machines, Linux crypto miners, evasive variants of RAT mutants, and more.
Read More...
The Shifting Landscape of Open Source Supply Chain Attacks - Part 3
12 minute read time
Brian Fox shares insights on who’s responsible for the security of software supply chains, and how orgs can minimize impact on efficiency and speed.
Read More...
Going Online With the OWASP Vulnerability Management Guide Working Group
6 minute read time
The OWASP Vulnerability Management Guide (OVMG) project seeks to simplify vulnerability management into repeatable and scalable cycles.
Read More...
Malware Monthly - December 2022
10 minute read time
Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.
Read More...
The No-Fix Mediums? Not Having a High Priority Doesn’t Mean Low Danger
5 minute read time
An ongoing weak link in the software supply chain is vulnerable software – are you being proactive or just putting out fires?
Read More...