#OSSsecurity

Ideal typosquat ‘solana-py’ steals your crypto wallet keys

| | #OSSsecurity, firewall, malware prevention, Vulnerabilities
The legitimate Solana Python API project is known as "solana-py" on GitHub, but simply "solana" on the Python software registry, PyPI. This slight naming discrepancy has been leveraged by a threat actor ...
2024 Sonatype Blog

ZeroTrustOps: Securing at Scale

| | #OSSsecurity, 2019 All Day DevOps, Application Security, AppSec, DevSecOps
Let’s start simply. How many of you are tired of hearing the term “zero trust”? And what does “zero trust” even mean? Wendy Nather (@WendyNather) explains in her All Day DevOps presentation ...
Sonatype Blog

Octopus Scanner Compromises 26 OSS Projects on GitHub

| | #OSSsecurity, embedded malicious code, FEATURED, malicious injection, malware prevention, News and Views, octopus scanner, Software Composition Analysis
Updated from original May 29th post. Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, ...
Sonatype Blog

Octopus Malware Compromises 26 OSS Projects on GitHub

| | #OSSsecurity, embedded malicious code, malicious injection, malware prevention, News and Views, Software Composition Analysis
Updated from original May 29th post. Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, ...
Sonatype Blog