Security Vulnerabilities

pac4j CVE-2026-29000: Sonatype Finds 18 Additional Packages

| | Authentication, CVE, CVSS, framework, Java, Open Source Intelligence, Security Vulnerabilities, Sonatype Guide, Sonatype Lifecycle, vulnerability
A newly disclosed critical vulnerability in the widely used pac4j authentication framework is drawing attention across the open source community. Tracked as CVE-2026-29000, the flaw affects the pac4j-jwt library, which is commonly ...
2024 Sonatype Blog

Modern Vulnerability Management in the Age of AI

| | AI, Artificial Intelligence, open source, Open Source Intelligence, security, Security Vulnerabilities, Vulnerabilities
Vulnerability management today is not failing because teams stopped scanning. It's failing because the ground underneath it shifted. The approach we've relied on — complete advisory data, upstream fixes on demand, and ...
2024 Sonatype Blog
Is Ring’s “Search Party” Helping Pets — or Normalizing Surveillance? #podcast

Ring’s Search Party ‘Dystopia’ Debate & Claude Zero-Click RCE Vulnerability

| | AI Assistants, AI Security, amazon, Camera Systems, Claude Desktop, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, Dumb Phones, Dystopia, Episodes, facial recognition, Flock, Gen Z, home security, Information Security, Infosec, law enforcement, Pet Tracking, Podcast, Podcasts, Privacy, prompt injection, Remote Code Execution, Ring, Search Party, security, Security Vulnerabilities, smart home, smartphones, super bowl, surveillance, technology, Technology Ethics, Weekly Edition, Zero-Click Exploit
In this episode, we discuss two major tech stories impacting privacy and security. First, we analyze Ring’s new AI-powered ‘Search Party’ feature and its controversial Super Bowl ad that sparked privacy concerns ...
Shared Security Podcast
AI Agents Gone Wild: The Cybersecurity Risks of OpenClaw & Moltbook! #podcast

OpenClaw & Moltbook: AI Agents and Cybersecurity Risks

| | AI agents, AI Assistants, ai ethics, API exploits, autonomous AI, code security, Cyber Security, Cybersecurity, Data Privacy, Dating Apps, Digital Privacy, enterprise ai, Episodes, Information Security, Infosec, LLM Training, machine learning, Moltbook, open source, OpenClaw, Podcast, Podcasts, Privacy, Privacy Concerns, security, Security Vulnerabilities, Social networks, Tech Hype, technology, Vibe Coding, Weekly Edition
Autonomous AI assistants are hitting the mainstream — but at what cost? This week, we discuss the recent OpenClaw phenomenon (formerly Clawdbot/Moltbot), the security fiasco surrounding Moltbook’s exposed database, and the quirky ...
Shared Security Podcast
Years-Old Apache Struts2 Vulnerability Downloaded 325K+ Times in the Past Week

Years-Old Apache Struts2 Vulnerability Downloaded 325K+ Times in the Past Week

| | CVE, Known Vulnerabilities, Security Research, Security Vulnerabilities, vulnerability, Vulnerability Disclosure, vulnerable components
Key Takeaways: ...
2024 Sonatype Blog
vulnerabilities, root cause, Microsoft Storm-1152 fake accounts CaaS

Turkish Security Researcher Gets Nod From NASA Over Vulnerability Discoveries 

| | Breach Readiness, bugcrowd, Building Trust in Cybersecurity., Cyber Threat Management, Cyberdefenders, cybersecurity research, ethical hacking, Independent Researchers, NASA, Order of the British Empire, Recognition in Cybersecurity, responsible disclosure, Security Vulnerabilities, Vulnerability Disclosure Program
NASA acknowledges independent researcher Hasan İsmail Gülkaya for discovering vulnerabilities through its Vulnerability Disclosure Program, highlighting the importance of ethical hacking in cybersecurity ...
Security Boulevard
Outpace Malware, Build Faster, and Secure Software With Real-Time Protection

Outpace Malware, Build Faster, and Secure Software With Real-Time Protection

| | CVE, Malware, open source, open-source malware, Security Vulnerabilities, Sonatype Repository Firewall
Modern software teams are under pressure to move fast, innovate faster, and deliver continuously. At the same time, attackers are evolving just as quickly, and in many cases, faster than the tools ...
2024 Sonatype Blog
Unnecessary Risk: The Persistence of Open Source Vulnerabilities

Unnecessary Risk: The Persistence of Open Source Vulnerabilities

| | Log4j, Log4Shell, open source risks, persistence, Security Research, Security Vulnerabilities, vulnerable components
Log4Shell was supposed to be the wake-up call that changed everything. Four years later, the data says otherwise ...
2024 Sonatype Blog
Unprecedented Automation: IndonesianFoods Pits Open Source Against Itself

Unprecedented Automation: IndonesianFoods Pits Open Source Against Itself

| | Application Security, Malware, Malware Analysis, Security Research, Security Vulnerabilities, Supply Chain Attacks
Over the past year, we've seen a steady drumbeat of supply chain incidents targeting npm — each slightly different, but collectively pointing to the same truth: the open source ecosystem is being ...
2024 Sonatype Blog

Defeating OTP Safeguards Unveiling Bypass Methods and Fortification Strategies

| | OTP bypass, Security Vulnerabilities, two factor authentication
Learn about common OTP bypass techniques and effective mitigation strategies to strengthen your authentication systems. Protect against SMS interception, social engineering, and more ...
MojoAuth - Advanced Authentication & Identity Solutions
Load more