| | From Abuse to Alignment: Why We Need Sustainable Open Source Infrastructure (sonatype.com) |
| 2 points by pjmlp 3 months ago | past |
|
| | Exploring Rust Language Adoption (sonatype.com) |
| 2 points by droideqa 8 months ago | past |
|
| | Fake VS Code extension on NPM uses altered ScreenConnect utility as spyware (sonatype.com) |
| 2 points by axsharma 11 months ago | past |
|
| | State of the Software Supply Chain (2024) (sonatype.com) |
| 1 point by livealight on Oct 24, 2024 | past |
|
| | State of the Software Supply Chain (sonatype.com) |
| 1 point by mdp2021 on Oct 11, 2024 | past | 1 comment |
|
| | 10th Annual State of the Software Supply Chain [pdf] (sonatype.com) |
| 3 points by chha on Oct 10, 2024 | past |
|
| | Maven Central and the Tragedy of the Commons (sonatype.com) |
| 3 points by microflash on July 4, 2024 | past | 1 comment |
|
| | Maven Central and the Tragedy of the Commons (sonatype.com) |
| 7 points by hocuspocus on June 26, 2024 | past |
|
| | NPM flooded with 748 packages that store movies (sonatype.com) |
| 19 points by ben_s on Jan 28, 2024 | past | 8 comments |
|
| | State of the Software Supply Chain (2023) (sonatype.com) |
| 1 point by davelester on Oct 5, 2023 | past | 1 comment |
|
| | NPM packages caught exfiltrating Kubernetes config, SSH keys (sonatype.com) |
| 3 points by aa_is_op on Sept 26, 2023 | past |
|
| | Malware Monthly – March 2023 (sonatype.com) |
| 1 point by samaysharma on Aug 16, 2023 | past |
|
| | Stolen Information Stealers Are Fueling an Underground Market (sonatype.com) |
| 2 points by hortiz on Feb 28, 2023 | past |
|
| | BOM Doctor: Visualise and Patch Java SBOMS (sonatype.com) |
| 1 point by livealight on Feb 9, 2023 | past |
|
| | 8th Annual State of the Software Supply Chain (sonatype.com) |
| 1 point by chha on Oct 27, 2022 | past |
|
| | 8th State of the Software Supply Chain Report (sonatype.com) |
| 1 point by livealight on Oct 18, 2022 | past |
|
| | PyPI package 'secretslib' drops fileless Linux malware to mine Monero (sonatype.com) |
| 170 points by kungfudoi on Aug 12, 2022 | past | 60 comments |
|
| | PyPI: Python packets steal AWS keys from users (sonatype.com) |
| 168 points by modinfo on June 26, 2022 | past | 100 comments |
|
| | PyPI, NuGet, NPM Flooded with Roblox and Fortnite Spam: Why? (sonatype.com) |
| 2 points by livealight on Feb 15, 2022 | past |
|
| | Maven Central Log4j Download Dashboard (sonatype.com) |
| 1 point by knuckleheads on Jan 11, 2022 | past |
|
| | Log4shell by the Numbers (sonatype.com) |
| 2 points by jonbaer on Dec 15, 2021 | past |
|
| | Log4shell by the numbers- Why did CVE-2021-44228 set the Internet on Fire? (sonatype.com) |
| 1 point by livealight on Dec 14, 2021 | past |
|
| | [dupe] 0-Day Vulnerability on Log4j (sonatype.com) |
| 127 points by tbarbugli on Dec 10, 2021 | past | 4 comments |
|
| | Fake NPM Roblox API Package Installs Ransomware (sonatype.com) |
| 3 points by afrcnc on Oct 27, 2021 | past |
|
| | Apache Servers Vulnerability Actively Exploited in the Wild (sonatype.com) |
| 1 point by p4bl0 on Oct 6, 2021 | past |
|
| | Apache Servers Actively Exploited in the Wild and the Importance of Patching (sonatype.com) |
| 4 points by 1cvmask on Oct 5, 2021 | past |
|
| | State of the Software Supply Chain 2021 (sonatype.com) |
| 15 points by livealight on Sept 15, 2021 | past | 13 comments |
|
| | New PyPI Cryptomining Malware (sonatype.com) |
| 2 points by a-human on June 23, 2021 | past |
|
| | New PyPI Cryptomining Malware (sonatype.com) |
| 2 points by afrcnc on June 22, 2021 | past |
|
| | Why Namespacing Matters in Public Open Source Repositories (sonatype.com) |
| 2 points by riffraff on Feb 12, 2021 | past |
|