CursedGrabber strikes again: Sonatype spots new malware campaign against Software Supply Chains

On January 16th, Sonatype became aware of 3 malicious packages that were published to npm, and leveraged brandjacking and typosquatting techniques that we previously warned about.

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

On January 7th, Sonatype became aware of 3 malicious brandjacking components which were published to the Maven Central Repository in the last week of 2020.

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

In addition to regular vulnerability data research, the Sonatype Security Research Team also contributes to the open-source community by going the extra mile when we discover flaws that were previously not reported. Recall, earlier this year when …