Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack
3 minute read time
Sonatype covers how Ledger, a maker of hardware wallets for storing crypto, identified malicious software embedded in one of their open source packages
Read More...
Dependency mapping: A beginner's guide
8 minute read time
Explore dependency mapping, what it is, the benefits of mapping dependencies, and some tools that make the process easier.
Read More...
Open source risk management: Safeguarding software integrity
6 minute read time
Explore open source risk management as the identification and mitigation of security, compliance, and operational risks with using open source software
Read More...
A closer look: Differentiating software vulnerabilities and malware
7 minute read time
Vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain
Read More...
Malware Monthly - March 2023
12 minute read time
March 2023's Malware Monthly dives into a series of information stealers uploaded to the PyPI registry, the latest OpenAI data leak, and more.
Read More...
Last week's OpenAI payment data and chat history leak involved a Race Condition vulnerability in an open source component, Redis.
Read More...
Top 8 malicious attacks recently found on PyPI
13 minute read time
Eight malicious attacks on PyPI recently caught our Security Research Team's eye. Get the details about the actions and motivations of the attackers.
Read More...
Malware Monthly - February 2023
8 minute read time
The February 2023 edition of Malware Monthly shares insights into copycat information stealers, malware linked to video game mods, and more.
Read More...
Attacker floods PyPI with 1000s of malicious packages that drop Windows trojan via Dropbox
3 minute read time
A threat actor has infiltrated the PyPI software registry with 1,000s of malicious packages at one time.
Read More...