Customer spotlight: Discover how Sonatype is helping lead the way in software supply chain security

Customer spotlight: Discover how Sonatype is helping lead the way in software supply chain security

With 2025 in full swing, it's clear this year will be transformational as the open source landscape continues to evolve faster than ever. Helping developers navigate this environment is why Sonatype exists, ...
Fake Solana packages target crypto devs, abuse Slack & ImgBB for data theft

Fake Solana packages target crypto devs, abuse Slack & ImgBB for data theft

Recently discovered malicious packages on the npmjs.com registry named "solanacore," "solana-login," and "walletcore-gen" target Solana crypto developers with Windows trojans and malware capable of keylogging and sensitive data exfiltration. Furthermore, these packages ...
Sonatype customers leading with innovation in the new year

Sonatype customers leading with innovation in the new year

As we kick off 2025, software's role in our daily lives has never been more apparent, and the integrity of our open source components has never been more important. We have the ...
Counterfeit Lodash attack leverages AnyDesk to target Windows users

Counterfeit Lodash attack leverages AnyDesk to target Windows users

npm packages identified by Sonatype recently are named similar to the vastly popular JavaScript library, lodash. These packages abuse typosquatting and carry within them a modified version of AnyDesk utility to target ...
Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

Crypto enthusiasts have lately been flooding software registries like npm and PyPI with thousands of bogus packages that add no functional value and instead put a strain on the entire open source ...
Npm packages conceal macOS malware in 'travis.yml' files, drop bogus  "Safari Updates"

Npm packages conceal macOS malware in ‘travis.yml’ files, drop bogus  “Safari Updates”

Three npm packages identified by Sonatype this week conceal malware in "travis.yml," a CI/CD build configuration file used by Travis CI. These packages contain metadata, description, and code copied from the legitimate ...
Exploit creator selling 250+ reserved npm packages on Telegram

Exploit creator selling 250+ reserved npm packages on Telegram

Recently, the Sonatype Security Research team identified more than 250 npm packages which are lucrative and convincing exploits, because these are named exactly like the open source projects coming from Amazon Web ...
'cors-parser' npm package hides cross-platform backdoor in PNG files

‘cors-parser’ npm package hides cross-platform backdoor in PNG files

'cors-parser' is neither a cure for Cross-Origin Resource Sharing (CORS) vulnerabilities nor a "parser" for interpreting same-origin policies of a website. Instead, the npm package employs a form of steganography to download ...
Russia-linked 'Lumma' crypto stealer now targets Python devs

Russia-linked ‘Lumma’ crypto stealer now targets Python devs

Imagine being a developer who's building the next-gen crypto app by using popular open source components to speed up coding. Instead, you end up including a package in your build that, does ...
PyPI crypto-stealer targets Windows users, revives malware campaign

PyPI crypto-stealer targets Windows users, revives malware campaign

Sonatype has discovered 'pytoileur', a malicious PyPI package hiding code that downloads and installs trojanized Windows binaries capable of surveillance, achieving persistence, and crypto-theft. Our discovery of the malware led us to ...