Hacker News
- NPM flooded with 748 packages that store movies https://blog.sonatype.com/npm-flooded-with-748-packages-that-store-movies 8 comments
- PyPI package 'secretslib' drops fileless Linux malware to mine Monero https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero 60 comments
- PyPI: Python packets steal AWS keys from users https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web 100 comments
- 0-Day Vulnerability on Log4j https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild 4 comments
- ZeroTrustOps: Securing at Scale https://blog.sonatype.com/zerotrustops-securing-at-scale 2 comments
Lobsters
- npm flooded with 748 packages that store movies https://blog.sonatype.com/npm-flooded-with-748-packages-that-store-movies 16 comments nodejs , security
- PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero 7 comments python , security
- Log4shell by the download numbers - Why did CVE-2021-44228 set the Internet on Fire? https://blog.sonatype.com/why-did-log4shell-set-the-internet-on-fire 2 comments programming
- Fake npm Roblox API Package Installs Ransomware and has a Spooky Surprise https://blog.sonatype.com/fake-npm-roblox-api-package-installs-ransomware-spooky-surprise 59 comments programming
- Ua-parser-js hijack seems to be a part of a larger campaign first uncovered last week https://blog.sonatype.com/npm-project-used-by-millions-hijacked-in-supply-chain-attack 6 comments programming
- New PyPI crypto mining malware identified https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection 3 comments programming
- Why Namespacing Matters in Public Open Source Repositories https://blog.sonatype.com/why-namespacing-matters-in-public-open-source-repositories 11 comments java
- Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Organizations https://blog.sonatype.com/dependency-hijacking-software-supply-chain-attack-hits-more-than-35-organizations 9 comments programming
- Dear Bintray and JCenter Users - Here’s What You Need to Know About The Central Repository https://blog.sonatype.com/dear-bintray-and-jcenter-users-heres-what-you-need-to-know-about-the-central-repository 6 comments programming
- Maven Shell - (I only just found out this existed) http://blog.sonatype.com/2010/03/introduction-to-maven-shell/#.u9ovvfmsyao 6 comments java