Featured Article
Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day
Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day
3 minute read time
Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week
Read More...
Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.
Read More...
Last week's OpenAI payment data and chat history leak involved a Race Condition vulnerability in an open source component, Redis.
Read More...
Perception versus reality: A data-driven look at open source risk management
2 minute read time
Get insights, background, and data and key takeaways from the 8th Annual State of the Software Supply Chain report. Hosted by Dr. Stephen Magill.
Read More...
CVE-2022-31289: Neither bug nor vulnerability
3 minute read time
A recent report of a Nexus Repository vulnerability is not a security concern and no software update is required. A look at issue and similar concerns.
Read More...
Nexus Intelligence Insights: Protect Your Bitcoin from 700+ Malicious RubyGems with sonatype-2020-0196
3 minute read time
Crafty attackers take advantage of the open source software supply chain through typographical errors. Not even the most sophisticated devs are immune.
Read More...
Top 5 Tomcat Vulnerabilities
3 minute read time
If you spend time monitoring and patching OSS projects, you know Tomcat has some vulnerabilities. Today, Tomitribe walked us through 5 of those vulnerabilities.
Read More...
In the Dark about Software Supply Chain Vulnerabilities
2 minute read time
The Barium attacks, revealed earlier this month, highlight new, pervasive tactics that are exceptionally dangerous.
Read More...
Nexus Intelligence Insights: CVE-2019-0232 - Apache Tomcat CGI Servlet Remote Code Execution
3 minute read time
Learn about a very popular component used by developers worldwide. Say hello to CVE-2019-0232, a remote code execution vulnerability.
Read More...