Skip Navigation

Platform
Solutions
- - Integrated Innovation Align dev, security, and ops teams to fuel secure deployment
- By Industry
Pricing
Resources
- - Resource Center Articles, videos, and reports that help transform the way you innovate.
Partners
- - Partner Program Explore the Sonatype Partner Acceleration Program
    - Become a Partner Join our extensive Sonatype Partner Network
    - Find a Partner Find and connect with a certified Sonatype Partner
Company

Book a Demo

Posts by Ax Sharma

Ax is a security researcher, malware analyst and journalist with a penchant for open source software. His works and expert analyses have frequently been featured by leading media outlets including the BBC. Ax's expertise lies in security vulnerability research, reverse engineering, and cybercrime investigations. He has a passion for educating a wide range of audiences through writing and vlogs.

Blog Post

Revived CryptoJS library is a crypto stealer in disguise

Read More

Blog Post

Multiple crypto packages hijacked, turned into info-stealers

Read More

Blog Post

Fake VS Code extension on npm uses altered ScreenConnect utility as spyware

Read More

Blog Post

Fake Solana packages target crypto devs, abuse Slack and ImgBB for data theft

Read More

Blog Post

npm packages from rspack, vant compromised, blocked by Sonatype

Read More

Blog Post

Counterfeit ESLint and Node 'types' libraries downloaded thousands of times abuse Pastebin

Read More

Blog Post

Fake IP checker utilities on npm are crypto stealers

Read More

Blog Post

Lottie Player compromised in supply chain attack - all you need to know

Read More

Blog Post

Counterfeit Lodash attack leverages AnyDesk to target Windows users

Read More

Blog Post

'Netfetcher' package drops illicit 'node' binary on Windows

Read More

Blog Post

Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

Read More

Blog Post

Ideal typosquat 'solana-py' steals your crypto wallet keys

Read More

Blog Post

npm packages conceal macOS malware in 'travis.yml' files, drop bogus "Safari Updates"

Read More

Blog Post

Polyfill.io supply chain attack hits 100,000+ websites — all you need to know

Read More

Blog Post

Exploit creator selling 250+ reserved npm packages on Telegram

Read More

1
2
3
...
9

Platform
- Overview
- Repository
- Pricing
- Firewall
- SBOM Manager
- Lifecycle
- Integrations
- AI/ML

Solutions

Community

Partners

Company

Subscribe for all the latest software security news and events

Subscribe Today

Terms of Service
Privacy Policy
Modern Slavery Statement
Event Terms and Conditions
Do Not Sell My Personal Information
Cookie Preferences

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.