Sonatype

EU Cyber Resilience Act is a threat to open source in Europe, industry 

Open Source

EU Cyber Resilience Act is a threat to open source in Europe, industry 

Legislation, which passed last week, criticised for a lack of understanding of the open source model

clock 24 July 2023 • 4 min read
Critical zero-day bug, first since Heartbleed, identified in OpenSSL

Threats and Risks

Critical zero-day bug, first since Heartbleed, identified in OpenSSL

New version to be released 1st November. Organisations should act now to track down OpenSSL 3.0.x in their infrastructure, warns Sonatype

clock 27 October 2022 • 2 min read
Malicious 'typosquat' Python packages with ransomware scripts discovered

Threats and Risks

Malicious 'typosquat' Python packages with ransomware scripts discovered

Victims are offered the decryption key without payment, but the prank demonstrates how easy such an attack can be

clock 03 August 2022 • 3 min read
Open source dev sabotages own library to target Russian and Belarusian users

Threats and Risks

Open source dev sabotages own library to target Russian and Belarusian users

Initial versions of 'protestware' module added to npm-ipc wiped data on users' devices

clock 18 March 2022 • 4 min read
Researchers warn of malicious typosquatting packages making their way into open source repositories

Threats and Risks

Researchers warn of malicious typosquatting packages making their way into open source repositories

Malicious typosquatting packages prey on naive users or developers who make a slight typographical error

clock 04 March 2022 • 2 min read
'Especially dangerous' Java zero day discovered, same type as used in Equifax breach

Threats and Risks

'Especially dangerous' Java zero day discovered, same type as used in Equifax breach

Patch Log4j urgently admins urged, as memories of 2017 Equifax hack loom large

clock 10 December 2021 • 2 min read

Security Technology

Identity & Access Management tools now the most common source of cloud misconfiguration bugs, report

IAM misconfiguration has played an increasing role in cloud breaches over the past few years, finds Sonatype/Fugue research

clock 23 July 2021 • 2 min read

DevOps

How can DevOps coexist with legacy monolithic applications?

Panellists at Computing's DevOps Summit describe their experience of bimodal IT

clock 20 September 2017 • 3 min read