Stay Current on the Latest Sonatype News

Media Hit

Suspected hijacked developer accounts spread npm malware

March 26, 2026

Media Hit

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

March 25, 2026

Media Hit

Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM

March 25, 2026

Media Hit

Open source isn't a tip jar – it's time to charge for access

March 25, 2026

Media Hit

Supply chain attack hits widely-used AI package, risks impacting thousands of companies

March 25, 2026

Media Hit

Sonatype’s Brian Fox on coding agents getting more cautious, but not safer

March 25, 2026

Media Hit

Sonatype Research Finds Newer AI Models Hallucinate Less but Caution Creates Its Own Risk

March 25, 2026

Media Hit

Coding Agents Are Getting More Cautious, but Not Safer – Brian Fox – RSAC26 #2

March 24, 2026

Media Hit

LLM hesitancy leaves open source risks in place

March 24, 2026

Media Hit

2026 State of the Software Supply Chain with Brian Fox

March 23, 2026

Media Hit

Two Malicious npm Packages Aim to Steal Credentials and Other Secrets

March 23, 2026

Media Hit

Vibe coding is killing open source, increasing software risk

March 18, 2026

Media Hit

If consequences matter, they should apply to vendors, too

March 11, 2026

Media Hit

Will AI make cybersecurity obsolete? Or is Silicon Valley still just fantasizing?

March 9, 2026

Media Hit

Open source devs consider making hogs pay for every download

February 28, 2026

Media Hit

The Open Source Economy is Cracking and Europe’s SMEs are on the Fault Line

February 24, 2026

Media Hit

Software developers: Prime cyber targets and a rising risk vector for CISOs

February 9, 2026

Media Hit

Every Developer Is Now A Risk: AI, Accountability And The Future Of Software

February 6, 2026

In the News

Stay up to date on what’s new at Sonatype.

Suspected hijacked developer accounts spread npm malware

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM

Open source isn't a tip jar – it's time to charge for access

Supply chain attack hits widely-used AI package, risks impacting thousands of companies

Sonatype’s Brian Fox on coding agents getting more cautious, but not safer

Sonatype Research Finds Newer AI Models Hallucinate Less but Caution Creates Its Own Risk

Coding Agents Are Getting More Cautious, but Not Safer – Brian Fox – RSAC26 #2

LLM hesitancy leaves open source risks in place

2026 State of the Software Supply Chain with Brian Fox

Two Malicious npm Packages Aim to Steal Credentials and Other Secrets

Vibe coding is killing open source, increasing software risk

If consequences matter, they should apply to vendors, too

Will AI make cybersecurity obsolete? Or is Silicon Valley still just fantasizing?

Open source devs consider making hogs pay for every download

The Open Source Economy is Cracking and Europe’s SMEs are on the Fault Line

Software developers: Prime cyber targets and a rising risk vector for CISOs

Every Developer Is Now A Risk: AI, Accountability And The Future Of Software