$3 Million Cryptocurrency Heist Stemmed from a Malicious GitHub Commit

By Ax Sharma on September 20, 2021 vulnerabilities
Cryptocurrency site loses funds after supply chain attack. A look at what happened, this time due to poor Git security policy.

OMIGOD! Microsoft Secretly Installed an Open Source Agent with Critical Vulnerabilities on Thousands of Linux VMs

By Ax Sharma on September 17, 2021 vulnerabilities
Microsoft released patches for critical vulnerabilities in its Open Management Infrastructure (OMI) software agent which had been silently installed on Azure Linux VMs.

Cyber Mayhem - Attackers Actively Exploit Vulnerable Confluence Servers, while 500,000 Fortinet VPNs See Passwords Leaked

By Ax Sharma on September 13, 2021 vulnerabilities
Last week severe zero-days in Atlassian Confluence, Fortinet devices, and Microsoft Office all needed patching following active exploits.

From Feature to Vulnerability: a spring-security-oauth2-client Story

By Juan Aguirre on August 27, 2021 vulnerabilities
Taking a deeper dive into a Spring vulnerability and understanding how lack of control over resources can lead to a DoS (Denial of Service).

What Constitutes a Software Supply Chain Attack?

By Ax Sharma on August 03, 2021 vulnerabilities
ENISA feels the term software supply chain attack is overused, so what does constitute a supply chain attack?

This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites

By Ax Sharma on July 16, 2021 vulnerabilities
Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS, that threatened the security, integrity, and availability of the wider supply chain.

Kaseya Ransomware: a Software Supply Chain Attack or Not?

By Matt Howard on July 06, 2021 vulnerabilities
As companies scramble to address and resolve this devastating attack, we look at what makes a supply chain and what it takes to address upstream attacks.

Sonatype Catches New PyPI Cryptomining Malware

By Ax Sharma on June 21, 2021 vulnerabilities
New malicious typosquatting packages that secretly pull in cryptominers have been identified infiltrating the PyPI repository.

What You Need to Know about the Codecov Incident: A Supply Chain Attack Gone Undetected for 2 Months

By Ax Sharma on April 19, 2021 vulnerabilities
A new software supply chain attack on software testing firm Codecov highlights why developers need to take an active role in protecting their systems.