Skip Navigation

Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

By Ax Sharma on February 05, 2024 vulnerability

5 minute read time

It might be a little known fact that one of the high severity zero-days found in Ivanti devices is actually present in an open source component that the company has deployed in its products. Ivanti's
Read More...

npm flooded with 748 packages that store movies

By Ax Sharma on January 25, 2024 vulnerabilities

4 minute read time

The Sonatype Security Research team came across 748 packages flooding the npm software registry.
Read More...

Fake 'distube-config' npm package drops Windows info-stealing malware

By Ax Sharma on January 24, 2024 vulnerabilities

3 minute read time

Sonatype identified two npm packages that typosquat open source packages like Discord modules, in an attempt to infect Windows users with a Trojan
Read More...

What is the OWASP Top 10?

By Aaron Linskens on January 12, 2024 vulnerabilities

7 minute read time

Discover the significance of OWASP in cybersecurity – What is OWASP and why it is vital for developers and organizations? Dive deeper with Sonatype.
Read More...

CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

By Jeff Wayman on December 14, 2023 vulnerabilities

6 minute read time

The recent identification of CVE-2023-50164 in Apache Struts is quite similar to other vulnerabilities Sonatype has seen and covered in the past.
Read More...

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

By Ilkka Turunen on December 14, 2023 vulnerabilities

3 minute read time

Sonatype covers how Ledger, a maker of hardware wallets for storing crypto, identified malicious software embedded in one of their open source packages
Read More...

Dependency mapping: A beginner's guide

By Aaron Linskens on October 20, 2023 vulnerabilities

8 minute read time

Explore dependency mapping, what it is, the benefits of mapping dependencies, and some tools that make the process easier.
Read More...

Open source risk management: Safeguarding software integrity

6 minute read time

Explore open source risk management as the identification and mitigation of security, compliance, and operational risks with using open source software
Read More...

A closer look: Differentiating software vulnerabilities and malware

By Aaron Linskens on July 11, 2023 vulnerabilities

7 minute read time

Vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain
Read More...