2024 Sonatype Blog
Conversations about software supply automation, devsecops, open source, continuous delivery, and application security.

Elevate your organization’s success: Submissions now open for the 2025 Sonatype Elevate Awards
We are thrilled to announce that the 2025 Sonatype Elevate Awards are officially open for submissions ...

Shadow downloads – How developers have become the new perimeter
With great power comes great responsibility ...

5 reasons to not miss Sonatype at RSAC 2025
RSA Conference (RSAC) brings together cybersecurity practitioners from across the globe to learn about the latest cybersecurity defense strategies and tools, connect with industry peers, and share knowledge about the threat landscape ...

What’s happening with MITRE and the CVE program uncertainty
Yesterday's headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today ...

Open Source Malware Index Q1 2025: Data exfil threats rising sharply
Sonatype Security Research Team | Everything Open Source, Malware, Malware Analysis, open source management
Sonatype's ongoing mission is to equip organizations with the most up-to-date information on open source security threats. As part of that commitment, we will be sharing data and insights on a quarterly ...

Using Sonatype Nexus Repository with the new Docker Hub rate limits
Beginning April 1, 2025, Docker will introduce new pull rate limits on Docker Hub, building on the limits first introduced in 2020. In this blog, we will discuss how Docker Hub's ...

How SBOMs drive a smarter SCA strategy
Aaron Linskens | SBOM, SBOM Manager, secure software supply chain, shift left, Software Composition Analysis
Modern software is largely assembled from open source components, constituting up to 90% of today's codebases. Managing the security and compliance risks associated with this external code is no longer optional — ...

Multiple crypto packages hijacked, turned into info-stealers
Sonatype has identified multiple npm cryptocurrency packages whose latest versions have been hijacked and altered to steal sensitive information, such as environment variables, from victims ...

Apache Tomcat: Vulnerable versions downloaded nearly 100K times since PoC
A rapidly exploited vulnerability with a major blast radius
A recently disclosed vulnerability in Apache Tomcat, CVE-2025-24813, is drawing significant attention due to its ease of exploitation, rapid adoption by attackers, and ...

Beyond open vs. closed: Understanding the spectrum of AI transparency
Aaron Linskens | Artificial Intelligence, generative AI, open source, open-source-software, transparency
Artificial intelligence (AI) is transforming industries, from software development to cybersecurity. But as AI adoption grows, so does the discussion around its accessibility and transparency. Unlike traditional software, where the concept of ...