malicious injection Archives

Protecting your development environment: Lessons from Log4j and beyond

Aaron Linskens | June 3, 2024 | DEVOPS, malicious injection, open source risks, software supply chain

Open source undeniably fuels innovation and agility in software development today ...

2024 Sonatype Blog

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and libzma

Ilkka Turunen | April 1, 2024 | Everything Open Source, FEATURED, malicious injection, News and Views, software supply chain

As sure as long weekends arrive in the western world, so too does news of new supply chain attacks. The easter bank holidays were no exception, with the discovery of a targeted ...

Sonatype Blog

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

Ilkka Turunen | April 1, 2024 | Everything Open Source, FEATURED, malicious injection, News and Views, software supply chain

As sure as long weekends arrive in the western world, so too does news of new supply chain attacks. The easter bank holidays were no exception, with the discovery of a targeted ...

Sonatype Blog

Octopus Scanner Compromises 26 OSS Projects on GitHub

Brian Fox | May 31, 2020 | #OSSsecurity, embedded malicious code, FEATURED, malicious injection, malware prevention, News and Views, octopus scanner, Software Composition Analysis

Updated from original May 29th post. Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, ...

Sonatype Blog

Octopus Malware Compromises 26 OSS Projects on GitHub

Brian Fox | May 29, 2020 | #OSSsecurity, embedded malicious code, malicious injection, malware prevention, News and Views, Software Composition Analysis

Updated from original May 29th post. Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, ...

Sonatype Blog