| | State of the Software Supply Chain (2024) (sonatype.com) |
|
1 point by livealight 12 days ago | past | discuss
|
| | State of the Software Supply Chain (sonatype.com) |
|
1 point by mdp2021 25 days ago | past | 1 comment
|
| | 10th Annual State of the Software Supply Chain [pdf] (sonatype.com) |
|
3 points by chha 26 days ago | past
|
| | Maven Central and the Tragedy of the Commons (sonatype.com) |
|
3 points by microflash 4 months ago | past | 1 comment
|
| | Maven Central and the Tragedy of the Commons (sonatype.com) |
|
7 points by hocuspocus 4 months ago | past
|
| | NPM flooded with 748 packages that store movies (sonatype.com) |
|
19 points by ben_s 9 months ago | past | 8 comments
|
| | State of the Software Supply Chain (2023) (sonatype.com) |
|
1 point by davelester on Oct 5, 2023 | past | 1 comment
|
| | NPM packages caught exfiltrating Kubernetes config, SSH keys (sonatype.com) |
|
3 points by aa_is_op on Sept 26, 2023 | past
|
| | Malware Monthly – March 2023 (sonatype.com) |
|
1 point by samaysharma on Aug 16, 2023 | past
|
| | Stolen Information Stealers Are Fueling an Underground Market (sonatype.com) |
|
2 points by hortiz on Feb 28, 2023 | past
|
| | BOM Doctor: Visualise and Patch Java SBOMS (sonatype.com) |
|
1 point by livealight on Feb 9, 2023 | past
|
| | 8th Annual State of the Software Supply Chain (sonatype.com) |
|
1 point by chha on Oct 27, 2022 | past
|
| | 8th State of the Software Supply Chain Report (sonatype.com) |
|
1 point by livealight on Oct 18, 2022 | past
|
| | PyPI package 'secretslib' drops fileless Linux malware to mine Monero (sonatype.com) |
|
170 points by kungfudoi on Aug 12, 2022 | past | 60 comments
|
| | PyPI: Python packets steal AWS keys from users (sonatype.com) |
|
168 points by modinfo on June 26, 2022 | past | 100 comments
|
| | PyPI, NuGet, NPM Flooded with Roblox and Fortnite Spam: Why? (sonatype.com) |
|
2 points by livealight on Feb 15, 2022 | past
|
| | Maven Central Log4j Download Dashboard (sonatype.com) |
|
1 point by knuckleheads on Jan 11, 2022 | past
|
| | Log4shell by the Numbers (sonatype.com) |
|
2 points by jonbaer on Dec 15, 2021 | past
|
| | Log4shell by the numbers- Why did CVE-2021-44228 set the Internet on Fire? (sonatype.com) |
|
1 point by livealight on Dec 14, 2021 | past
|
| | [dupe] 0-Day Vulnerability on Log4j (sonatype.com) |
|
127 points by tbarbugli on Dec 10, 2021 | past | 4 comments
|
| | Fake NPM Roblox API Package Installs Ransomware (sonatype.com) |
|
3 points by afrcnc on Oct 27, 2021 | past
|
| | Apache Servers Vulnerability Actively Exploited in the Wild (sonatype.com) |
|
1 point by p4bl0 on Oct 6, 2021 | past
|
| | Apache Servers Actively Exploited in the Wild and the Importance of Patching (sonatype.com) |
|
4 points by 1cvmask on Oct 5, 2021 | past
|
| | State of the Software Supply Chain 2021 (sonatype.com) |
|
15 points by livealight on Sept 15, 2021 | past | 13 comments
|
| | New PyPI Cryptomining Malware (sonatype.com) |
|
2 points by a-human on June 23, 2021 | past
|
| | New PyPI Cryptomining Malware (sonatype.com) |
|
2 points by afrcnc on June 22, 2021 | past
|
| | Why Namespacing Matters in Public Open Source Repositories (sonatype.com) |
|
2 points by riffraff on Feb 12, 2021 | past
|
| | Why Namespacing Matters in Public Open Source Repositories (sonatype.com) |
|
2 points by anuragsoni on Feb 11, 2021 | past
|
| | Why Namespacing Matters in Public Open Source Repositories (sonatype.com) |
|
1 point by kasperni on Feb 11, 2021 | past
|
| | Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Orgs (sonatype.com) |
|
3 points by stevetodd on Feb 10, 2021 | past
|