Platform
- - Platform overview Automate your software supply chain security
  - Integrations Work in the tools, languages, and packages you already use
Solutions
- - Integrated Innovation Align dev, security, and ops teams to fuel secure deployment
- By Industry
Pricing
Resources
- - Resource Center Articles, videos, and reports that help transform the way you innovate.
Partners
- - Become a Partner Join our extensive Sonatype Partner Network
  - Find a Partner Find and connect with a certified Sonatype partner
Company

Posts by Ax Sharma

Ax is a Staff Security Researcher & Malware Analyst at Sonatype with a penchant for open source software. His works and expert analyses have frequently been featured by leading media outlets including the BBC. Ax's expertise lies in security vulnerability research, reverse engineering, and cybercrime investigations. He has a passion for educating a wide range of audiences through writing and vlogs.

Blog Post

What's happening with the CrowdStrike incident: When a software update turns into a cyber crisis

Blog Post

Exploit creator selling 250+ reserved npm packages on Telegram

Blog Post

'cors-parser' npm package hides cross-platform backdoor in PNG files

Blog Post

Russia-linked 'Lumma' crypto stealer now targets Python devs

Blog Post

Npm packages conceal macOS malware in 'travis.yml' files, drop bogus "Safari Updates"

Blog Post

Polyfill.io supply chain attack hits 100,000+ websites — all you need to know

Blog Post

Exploit creator selling 250+ reserved npm packages on Telegram

Blog Post

'cors-parser' npm package hides cross-platform backdoor in PNG files

Blog Post

Russia-linked 'Lumma' crypto stealer now targets Python devs

Blog Post

PyPI crypto-stealer targets Windows users, revives malware campaign

Blog Post

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

Blog Post

Open source ML/AI models: attackers' next target

Blog Post

npm packages spread 'Bladeroid' crypto-stealer, hijack your Instagram

Blog Post

The curious case of 'csrf-magic': A case study in supply chain poisoning

Platform

Solutions

Community

Partners

Company
- Careers
- Contact
- About
- Newsroom
- Trust Center
- Investors
- Press Kit

Subscribe for all the latest software security news and events

Terms of Service
Privacy Policy
Modern Slavery Statement
Event Terms and Conditions
Do Not Sell My Personal Information

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.