Software Supply Chains Archives

Malicious package detection: Sonatype secures software supply chains

Aaron Linskens | May 5, 2025 | Detection, Forrester, Forrester SCA, Forrester Wave, Software Supply Chains

Malicious packages present a growing danger to software supply chains. From typosquatting attacks to sophisticated malware hidden within open source components, detecting and preventing malicious packages has become essential for ensuring the ...

2024 Sonatype Blog

Sonatype customers leading with innovation in the new year

Sonatype | January 6, 2025 | Customer Stories, Customer Success, Software Supply Chains, Sonatype Lifecycle, Sonatype Nexus Repository, Sonatype Repository Firewall

As we kick off 2025, software's role in our daily lives has never been more apparent, and the integrity of our open source components has never been more important. We have the ...

2024 Sonatype Blog

Checkmarx Report Surfaces Software Supply Chain Compromises

Michael Vizard | February 9, 2024 | Checkmarx, credentials, data, Software Security, Software Supply Chains

A Checkmarx report found 56% of attacks against software supply chains resulted in thefts of credential and confidential data ...

Security Boulevard

Mastering SBOMs: Best practices

Keiana King | February 6, 2024 | Development strategy, SBOM, Software Supply Chains, Sonatype webinar

In our recent webinar, Mastering SBOMs: Best Practices, speakers, including Ilkka Turunen, Field CTO, Sonatype, Roger Smith, Global Testing and Digital Assurance Lead, DXC Technology, and Marc Luescher, Solution Architect, AWS, shed ...

Sonatype Blog

Alert: NuGet Package SeroXen RAT Threat to .NET Developers

Wajahat Raja | October 24, 2023 | .net development, Cross Platform Development, Cybersecurity Best Practices, Cybersecurity News, cybersecurity threats, Deceptive Packages, Developer Security, malicious packages, NuGet Package, Open Source Ecosystem, Security Vulnerabilities, SeroXen RAT, Software Supply Chains, supply chain security

In a recent security issue, a deceptive NuGet package threatens .NET developers with the deployment of the SeroXen RAT, a harmful remote access trojan. Because the .NET framework is no longer limited ...

TuxCare

Software Supply Chain Risks for Low- and No-Code Application Development

Pascal Geenens | February 2, 2023 | Software Supply Chains, Threat Intelligence

Supply chain attacks occur when a third-party vendor or partner with less robust security measures is breached, allowing attackers to indirectly gain access to an organization. This can happen through backdoors planted ...

Radware Blog

What is the W4SP Information Stealer?

Richard Arneson | December 1, 2022 | Attack Types & Vectors, information stealer, Software Supply Chains, W4SP

Since mid-October, W4SP malware is attacking software supply chains; in this case, it's using Python packages to launch an information stealer. The post What is the W4SP Information Stealer? appeared first on ...

Radware Blog

OWASP® Global AppSec US 2021 Virtual – Ronen Slavin’s ‘Analyzing Google’s SLSA Framework For Securing Software Supply Chains’

Marc Handelman | May 14, 2022 | AppSec Conferences, Global AppSec US ’21, owasp, Software Supply Chains

Our thanks to both the OWASP® Foundation and the OWASP Global AppSec US 2021 Virtual Conference Presenters for publishing their well-crafted application security videos on the organization’s’ YouTube channel. Permalink ...

Infosecurity.US

‘Trojan Source’ Makes Scary Headlines—But it’s Not New

Richi Jennings | November 2, 2021 | Clearly not an issue for real developers as its not like they would copy and paste code off stackoverflow, open source risk, SB Blogwatch, Software Supply Chains, Trojan Source bug

Trojan Source “threatens the security of all code,” screams a widely shared article. Poppycock. There’s nothing new here ...

Security Boulevard

Consumer Confidence in Data Security Plummets

Nathan Eddy | August 24, 2021 | iam, Identity and Access Managemnet, principle of least privileges, Software Supply Chains, third-party risks

Organizations’ increasing use of contractors, freelancers and other third-party workers is weakening consumers’ trust in their data security, according to a study by SecZetta. The survey of more than 2,000 U.S. adults ...

Security Boulevard

Software Supply Chains

Malicious package detection: Sonatype secures software supply chains

Sonatype customers leading with innovation in the new year

Checkmarx Report Surfaces Software Supply Chain Compromises

Mastering SBOMs: Best practices

Alert: NuGet Package SeroXen RAT Threat to .NET Developers

Software Supply Chain Risks for Low- and No-Code Application Development

What is the W4SP Information Stealer?

OWASP® Global AppSec US 2021 Virtual – Ronen Slavin’s ‘Analyzing Google’s SLSA Framework For Securing Software Supply Chains’

‘Trojan Source’ Makes Scary Headlines—But it’s Not New

Consumer Confidence in Data Security Plummets

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On