Sonatype Security Research Team, Author at Security Boulevard

CursedGrabber strikes again: Sonatype spots new malware campaign against Software Supply Chains

On January 16th, Sonatype became aware of 3 malicious packages that were published to npm, and leveraged brandjacking and typosquatting techniques that we  previously warned about ... Read More

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

On January 7th, Sonatype became aware of 3 malicious brandjacking components which were published to the Maven Central Repository in the last week of 2020.  ... Read More

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

In addition to regular vulnerability data research, the Sonatype Security Research Team also contributes to the open-source community by going the extra mile when we discover flaws that were previously not reported. Recall, earlier this year when our team had discovered they could bypass a fix made to the SheetJS ... Read More