Featured Article

New Design, New Features: Maven Central Improvements for Developers

By Amanda Yeo on March 28, 2023 open source security

Hosted by Sonatype, Maven Central has a refreshed interface and new features to improve the developer experience.

This Week in Malware - Over 70 Packages Discovered

By Aaron Linskens on October 28, 2022 vulnerabilities

2 minute read time

This week, we discovered and analyzed six dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

Read More...

Warning message on a screen, hands thrown up in frustration

This Week in Malware - Nearly 40 Packages Discovered

By Aaron Linskens on October 21, 2022 vulnerabilities

2 minute read time

This week in malware, we discovered and analyzed nearly 40 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

Read More...

This Week in Malware - Over 50 Packages Discovered

By Aaron Linskens on October 14, 2022 vulnerabilities

2 minute read time

This week we discovered and analyzed nearly 5 dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

Read More...

This Week in Malware - Over 100 Packages Discovered

By Aaron Linskens on October 07, 2022 vulnerabilities

6 minute read time

This week in malware, we discovered and analyzed more than 100 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

Read More...

This Week in Malware - 135 Packages Target npm and PyPI Registries

By Aaron Linskens on September 30, 2022 vulnerabilities

3 minute read time

This week in malware, we discovered and analyzed 135 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

Read More...

Despite What Some Vendors Say, Please Don’t Ignore Log4j

By Stephen Magill on September 26, 2022 Nexus Lifecycle

5 minute read time

Ignoring Log4j and recommending that high-risk open source vulnerabilities be left in application code isn't just irresponsible, it's dangerous.

Read More...

This Week in Malware - Over Five Dozen More Packages Discovered

By Aaron Linskens on September 23, 2022 vulnerabilities

2 minute read time

This week in malware we discovered and analyzed over five dozen packages flagged as malicious, suspicious, or dependency confusion attacks.

Read More...

This Week in Malware - Almost 100 Packages

By Aaron Linskens on September 16, 2022 vulnerabilities

2 minute read time

This week in malware Sonatype discovered and analyzed over seven dozen packages flagged as malicious, suspicious, or dependency confusion attacks.

Read More...

Rule Over Your Dependencies and Scan at Your Own Open Source Risk

By Aaron Linskens on September 13, 2022 vulnerabilities

5 minute read time

A good way to make sure that your organization's vulnerabilities don't go unnoticed is conducting regular scans of open source used in your environments.

Read More...

Previous Next

New Design, New Features: Maven Central Improvements for Developers

This Week in Malware - Over 70 Packages Discovered

This Week in Malware - Nearly 40 Packages Discovered

This Week in Malware - Over 50 Packages Discovered

This Week in Malware - Over 100 Packages Discovered

This Week in Malware - 135 Packages Target npm and PyPI Registries

Despite What Some Vendors Say, Please Don’t Ignore Log4j

This Week in Malware - Over Five Dozen More Packages Discovered

This Week in Malware - Almost 100 Packages

Rule Over Your Dependencies and Scan at Your Own Open Source Risk

Secure your software supply chain

Subscribe for all the latest software security news and events