Sonatype

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks

Aikido Security, Aqua Security, Checkmarx, Don't miss, Hot stuff, Malware, News, open source, PyPI, Sonatype, supply chain attacks, supply chain compromise, Wiz /

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks 2026-03-25 at 14:01 By Zeljka Zorz A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The latest victim of the group is BerryAI’s popular […]

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks Read More »

Open-source malware zeroes in on developer environments

cybersecurity, Don't miss, Malware, News, open source, report, Sonatype, vulnerability management /

Open-source malware zeroes in on developer environments 2026-01-29 at 08:36 By Anamarija Pogorelec Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader shift in supply chain attacks away from end users and toward the tools, machines, and pipelines used to

Open-source malware zeroes in on developer environments Read More »

What happens when vulnerability scores fall apart?

CVE, cybersecurity, News, open source, report, risk, software development, Sonatype, vulnerability disclosure /

What happens when vulnerability scores fall apart? 2025-11-24 at 07:54 By Anamarija Pogorelec Security leaders depend on vulnerability data to guide decisions, but the system supplying that data is struggling. An analysis from Sonatype shows that core vulnerability indexes no longer deliver the consistency or speed needed for the current software environment. A system that

What happens when vulnerability scores fall apart? Read More »

Open source has a malware problem, and it’s getting worse

cybersecurity, Don't miss, Malware, News, open source, PyPI, report, Sonatype /

Open source has a malware problem, and it’s getting worse 2025-07-10 at 08:27 By Help Net Security Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204.

Open source has a malware problem, and it’s getting worse Read More »

Development vs. security: The friction threatening your code

Application Security, cybersecurity, DevSecOps, Endor Labs, GitLab, News, software, Sonatype, strategy /

Development vs. security: The friction threatening your code 2025-06-03 at 07:32 By Sinisa Markovic Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s critical that security doesn’t block or decelerate the development process or become a barrier

Development vs. security: The friction threatening your code Read More »

Open-source malware doubles, data exfiltration attacks dominate

cybercrime, Data exfiltration, Don't miss, Malware, News, open source, report, Sonatype /

Open-source malware doubles, data exfiltration attacks dominate 2025-04-03 at 07:02 By Help Net Security There’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according to Sonatype. Quarterly breakdown (Source: Sonatype) The Q1 figure represents a significant decrease from

Open-source malware doubles, data exfiltration attacks dominate Read More »

Infosec products of the month: March 2025

1Kosmos, Alloy, Cloudflare, Cytex, Detectify, GetReal Security, iProov, Keysight Technologies, News, Outpost24, Palo Alto Networks, Pondurance, Red Canary, SailPoint, SimSpace, Sonatype, Sumsub, TXOne Networks /

Infosec products of the month: March 2025 2025-03-28 at 06:36 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: 1Kosmos, Alloy, Cloudflare, Cytex, Detectify, GetReal Security, iProov, Keysight Technologies, Outpost24, Palo Alto Networks, Pondurance, Red Canary, SailPoint, SimSpace, Sonatype, Sumsub, and TXOne Networks. Outpost24 introduces

Infosec products of the month: March 2025 Read More »

New infosec products of the week: March 7, 2025

News, Outpost24, Palo Alto Networks, Red Canary, Sonatype /

New infosec products of the week: March 7, 2025 2025-03-07 at 06:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Outpost24, Palo Alto Networks, Red Canary, and Sonatype. Outpost24 introduces CyberFlex to streamline attack surface management and pen testing Outpost24 has launched Outpost24 CyberFlex,

New infosec products of the week: March 7, 2025 Read More »

Sonatype AI SCA delivers visibility and control over AI/ML usage

Industry news, Sonatype /

Sonatype AI SCA delivers visibility and control over AI/ML usage 2025-03-05 at 11:34 By Industry News Sonatype announced end-to-end AI Software Composition Analysis (AI SCA) capabilities that enable enterprises to harness the full potential of AI. With its expertise in open source governance, Sonatype now extends its trusted platform to protect, manage, and optimize AI/ML

Sonatype AI SCA delivers visibility and control over AI/ML usage Read More »

Open source malware up 200% since 2023

Don't miss, Hot stuff, Malware, News, open source, report, software, Sonatype /

Open source malware up 200% since 2023 2024-12-11 at 07:32 By Help Net Security Sonatype’s 2024 Open Source Malware Threat Report reveals that the number of malicious packages has surpassed 778,500 since tracking began in 2019. In 2024, researchers examined how threat actors leverage malicious open-source packages to target developers, particularly as enterprises increasingly adopt

Open source malware up 200% since 2023 Read More »

Infosec products of the month: March 2024

Appdome, AuditBoard, Bedrock Security, Cado Security, Check Point, CyberArk, Cynerio, DataDome, Delinea, Drata, Exabeam, GitGuardian, GitHub, GlobalSign, Legato Security, Legit Security, Malwarebytes, News, Ordr, Pentera, Portnox, Regula, Sentra, Sonatype, Spin.AI, Tenable, Tufin, Viavi Solutions, Zoom /

Infosec products of the month: March 2024 2024-04-01 at 05:46 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, AuditBoard, Bedrock Security, Cado Security, Check Point, CyberArk, Cynerio, DataDome, Delinea, Drata, Exabeam, GitGuardian, GitHub, GlobalSign, Legato Security, Legit Security, Malwarebytes, Ordr, Pentera, Portnox, Regula,

Infosec products of the month: March 2024 Read More »

New infosec products of the week: March 22, 2024

Appdome, Drata, GlobalSign, News, Ordr, Portnox, Sonatype, Tufin, Zoom /

New infosec products of the week: March 22, 2024 2024-03-22 at 06:02 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Drata, GlobalSign, Ordr, Portnox, Sonatype, Tufin, and Zoom. GlobalSign PKIaaS Connector enhances ServiceNow certificate lifecycle management With the upgrades in GlobalSign’s PKIaaS Connector,

New infosec products of the week: March 22, 2024 Read More »

Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain

Industry news, Sonatype /

Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain 2024-03-19 at 15:17 By Industry News Working with the world’s largest enterprises and global policymakers to address the complexities of optimizing your software supply chain with SBOMs (Software Bill of Materials), Sonatype announced SBOM Manager. This solution provides an integrated approach to managing

Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain Read More »

The dark side of GenAI

cybersecurity, Fortra, generative AI, SECURITI.ai, Sonatype, Video /

The dark side of GenAI 2024-03-18 at 06:03 By Help Net Security Beyond traditional AI models, generative AI (GenAI) can create new content, images, and even entire scenarios from scratch. While this technology holds immense promise across various sectors, it also introduces challenges and threats to cybersecurity. In this round-up from Help Net Security, cybersecurity

The dark side of GenAI Read More »

Be prepared to patch high-severity vulnerability in curl and libcurl

Docker, Don't miss, Endor Labs, Hot stuff, News, open source, patching, Qualys, security update, Sonatype, Synopsys, vulnerability, vulnerability disclosure /

Be prepared to patch high-severity vulnerability in curl and libcurl 10/10/2023 at 12:20 By Zeljka Zorz Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that

Be prepared to patch high-severity vulnerability in curl and libcurl Read More »

The root cause of open-source risk

CISO, cybersecurity, News, open source, report, software development, Sonatype, strategy, survey /

The root cause of open-source risk 05/10/2023 at 06:02 By Help Net Security 2023 saw twice as many software supply chain attacks as 2019-2022 combined. Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses known and avoidable risks. Vulnerabilities can still be prevented Nearly all (96%) vulnerabilities are still avoidable.

The root cause of open-source risk Read More »

GenAI in software surges despite risks

Artificial Intelligence, code, cybersecurity, DevOps, Don't miss, generative AI, Hot stuff, open source, software, Sonatype, Video, vulnerability /

GenAI in software surges despite risks 03/10/2023 at 07:05 By Help Net Security In this Help Net Security video, Ilkka Turunen, Field CTO at Sonatype, discusses how generative AI influences and impacts software engineers’ work and the software development lifecycle. According to a recent Sonatype survey of 800 developers (DevOps) and application security (SecOps) leaders,

GenAI in software surges despite risks Read More »

Generative AI lures DevOps and SecOps into risky territory

Application Security, Artificial Intelligence, cybersecurity, DevOps, generative AI, Government, News, open source, regulation, report, Sonatype, survey /

Generative AI lures DevOps and SecOps into risky territory 15/09/2023 at 06:36 By Help Net Security Application security leaders are more optimistic than developer leaders on generative AI, though both agree it will lead to more pervasive security vulnerabilities in software development, according to Sonatype. According to the surveyed DevOps and SecOps leaders, 97% are

Generative AI lures DevOps and SecOps into risky territory Read More »

Open-source security challenges and complexities

Aiven, Cloud Security Alliance, cybersecurity, open source, Sonatype, Video /

Open-source security challenges and complexities 31/07/2023 at 06:31 By Help Net Security Open source refers to software or technology that is made available to the public with its source code openly accessible, editable, and distributable. In other words, the source code contains the underlying programming instructions and is freely available for anyone to view, modify,

Open-source security challenges and complexities Read More »

Scroll to Top