FEATURED
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
Over the Thanksgiving weekend, Sonatype discovered new malware within the npm registry. This time, the typosquatting packages identified by us are laced with a popular Remote Access Trojan (RAT) ...
SSH Certificates and their Real-World Applications
The ongoing pandemic has pushed many organizations to direct their employees to work from home, necessitating a switch to a public cloud infrastructure. Naturally, this raises data security concerns, as companies worry ...
Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware
Sonatype has discovered more malware in the npm registry which, following our analysis and multiple cyber threat intelligence reports, has led to the discovery of a novel and large scale malware campaign ...
Open Source and Cloud Security Together at Last
Today, we’re excited to announce a partnership with Fugue to bring cloud security and compliance into development work streams, helping your teams build, deploy, and manage secure applications in today's popular cloud-native ...
Top 10 Cyber Security Trends to Watch out for in 2021
If we look back at 2020, the main theme is disruption. Although business leaders are used to some level of constant change, COVID-19 impacted the world in ways no one could have ...
Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits
Development teams building applications use Nexus Repository (Nexus) to store and manage all of their components, build artifacts, and containers. It provides an efficient way to locally cache myriad types of software ...
Discord.dll: successor to npm “fallguys” malware went undetected for 5 months
This week, the Sonatype Security Research team has identified a series of counterfeit components in the npm ecosystem. These intentionally malicious packages seem to be doing similar, shady things to the malicious ...
Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers
Just months after Octopus Scanner was caught infecting 26 open-source projects on GitHub, new reports have already surfaced of another, new sophisticated malware infection. Gitpaste-12, a worming botnet, is extremely versatile in ...
Trick or treat: that `twilio-npm` package is brandjacking malware in disguise!
As if the increasing attacks on the open source ecosystem and vulnerabilities making headlines weren’t scary enough events, this Halloween devs were exposed to another malicious trick. ...
Discord squashes critical Electron bugs: open source attacks continue to grow
My colleague has two kids, ages 9 and 12. Since the COVID lockdowns they have been playing more online games, and each of them uses Discord to chat with their friends during ...