Discord.dll: successor to npm “fallguys” malware went undetected for 5 months

This week, the Sonatype Security Research team has identified a series of counterfeit components in the npm ecosystem. These intentionally malicious packages seem to be doing similar, shady things to the malicious “fallguys” npm package discovered…

Discord squashes critical Electron bugs: open source attacks continue to grow

My colleague has two kids, ages 9 and 12. Since the COVID lockdowns they have been playing more online games, and each of them uses Discord to chat with their friends during gameplay. Did my colleague or the millions of other Discord users think t…

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

In addition to regular vulnerability data research, the Sonatype Security Research Team also contributes to the open-source community by going the extra mile when we discover flaws that were previously not reported. Recall, earlier this year when …

Nexus Intelligence Insights: CVE-2020-13935 – Apache Tomcat Websocket – Denial of Service (DoS)

For July’s Nexus Intelligence Insight we take a deep dive into a Denial of Service (DoS) vulnerability impacting the popular Apache Tomcat Websocket component.

New in Nexus Repository 3.23: Nexus Intelligence via npm audit

We are excited to announce the official release of Nexus Repository 3.23. In this release, we continue the story of our enhanced JavaScript support with the new Nexus Intelligence via npm audit feature, available to both Nexus Repository OSS and …

Nexus Platform – 2019 Year in Review

Wow, is 2019 over? The year has gone by quickly and it’s probably because we have been so busy at Sonatype, continuing to develop new features for the Nexus Platform. Identifying market trends and listening to our customers is what drives th…

The Dot Zero Conundrum and the New Frontier of Securing Open Source

Over the past two years, I’ve spoken about more than 20 instances of adversaries intentionally publishing malicious components into public open source and container repositories. Adversaries used these attacks to mine cryptocurrency, steal p…