Sonatype Unveils Its Complete Software Supply Chain Management Solution | Press Release
Over the weekend, Sonatype spotted a rather unique malware sample published to the npm registry, within a day of its release on npm.
Guess who's back? Earlier this month, CVE-2021-22114 in spring-integration-zip, returned for the second time to cause havoc.
We’ve seen so many software supply chain attacks in recent weeks that it’s hard for us to talk about all of them. But, in the last 24 hours, we’ve seen two major issues that are important for
This week, a vigilante actor flooded PyPI and npm repositories with nearly 5,000 dependency confusion packages.
Sonatype has identified new “dependency confusion” packages published to the npm ecosystem that are malicious in nature.
Just three days ago on February 9th, Sonatype released our findings on Alex Birsan’s research in which he used the “dependency or namespace confusion” technique to push his malicious
Today, news broke that a security researcher managed to breach systems of over 35 tech companies in what has been described as a novel software supply chain attack.
On January 16th, Sonatype became aware of 3 malicious packages that were published to npm, and leveraged brandjacking and typosquatting techniques that we previously warned about.
On January 7th, Sonatype became aware of 3 malicious brandjacking components which were published to the Maven Central Repository in the last week of 2020.
This month, RubyGems removed 2 gems from its open source software repository that contained malicious code. These gems, tracked as sonatype-2020-1222 by us, are:
Over the Thanksgiving weekend, Sonatype discovered new malware within the npm registry. This time, the typosquatting packages identified by us are laced with a popular Remote Access Trojan (RAT).
Sonatype has discovered more malware in the npm registry which, following our analysis and multiple cyber threat intelligence reports, has led to the discovery of a novel and large scale malware
This week, the Sonatype Security Research team has identified a series of counterfeit components in the npm ecosystem. These intentionally malicious packages seem to be doing similar, shady things
Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102
Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia
London Office - 168 Shoreditch High Street, E1 6HU London
Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are registered trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.