Nexus Repository & Microsoft NuGet Gallery: OData Changes for NuGet V2

Microsoft has officially announced changes to the NuGet Gallery. The NuGet V2 protocol makes use of a query mechanism called OData. Microsoft is planning to deprecate certain OData queries, which began with a limited test schedule in November, bef…

Small, fast and easy. Pick any three.

By Seth Hall, Co-Founder & Chief Evangelist, Corelight

Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise orga…

Open Source and Cloud Security Together at Last

Today, we’re excited to announce a partnership with Fugue to bring cloud security and compliance into development work streams, helping your teams build, deploy, and manage secure applications in today’s popular cloud-native environments.

Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits

Development teams building applications use Nexus Repository (Nexus) to store and manage all of their components, build artifacts, and containers. It provides an efficient way to locally cache myriad types of software packages, and enables users t…

Discord.dll: successor to npm “fallguys” malware went undetected for 5 months

This week, the Sonatype Security Research team has identified a series of counterfeit components in the npm ecosystem. These intentionally malicious packages seem to be doing similar, shady things to the malicious “fallguys” npm package discovered…

Trick or treat: that `twilio-npm` package is brandjacking malware in disguise!

As if the increasing attacks on the open source ecosystem and vulnerabilities making headlines weren’t scary enough events, this Halloween devs were exposed to another malicious trick.

Discord squashes critical Electron bugs: open source attacks continue to grow

My colleague has two kids, ages 9 and 12. Since the COVID lockdowns they have been playing more online games and each of them uses Discord to chat with their friends during gameplay. Did my colleague or the millions of other Discord users think t…

Community ID support for Wireshark

By Christian Kreibich, Principal Engineer, Corelight

The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in…
