Stay Current on the Latest Sonatype News

Media Hit

A concerning number of Log4j downloads are still vulnerable four years on

December 12, 2025

Media Hit

Did your npm pipeline break today? Check your ‘classic’ tokens

December 12, 2025

Media Hit

Log4j downloads shows supply chain wake-up call ignored

December 10, 2025

Media Hit

Log4Shell Downloaded 40 Million Times in 2025

December 10, 2025

Media Hit

Sonatype Launches Guide for Faster, More Secure AI Coding

December 9, 2025

Media Hit

Sonatype Guide brings DevSecOps to AI coding

December 9, 2025

Media Hit

Sonatype debuts guide to secure AI-assisted software development

December 9, 2025

Media Hit

Bridging the Open Source Gap: From Funding Paradoxes to Digital Sovereignty

December 8, 2025

Media Hit

Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say

December 5, 2025

Media Hit

US cyber progress isn’t stalled — it’s evolving

December 2, 2025

Media Hit

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

December 25, 2025

Media Hit

Shai-Hulud malware is back with a vengeance and hit more than 19,000 GitHub repositories so far — here's what developers need to know

December 25, 2025

Media Hit

Shai-Hulud is back with a new campaign infecting more npm packages

November 24, 2025

Media Hit

The slow rise of SBOMs meets the rapid advance of AI

November 24, 2025

Media Hit

Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updated

November 21, 2025

Media Hit

Sonatype Unveils Nexus One

November 19, 2025

Media Hit

Building Trust in the Age of AI: Sonatype CEO Bhagwat Swaroop on Why India is the Future of Software Security

November 14, 2025

Media Hit

“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages

November 13, 2025

In the News

Stay up to date on what’s new at Sonatype.

A concerning number of Log4j downloads are still vulnerable four years on

Did your npm pipeline break today? Check your ‘classic’ tokens

Log4j downloads shows supply chain wake-up call ignored

Log4Shell Downloaded 40 Million Times in 2025

Sonatype Launches Guide for Faster, More Secure AI Coding

Sonatype Guide brings DevSecOps to AI coding

Sonatype debuts guide to secure AI-assisted software development

Bridging the Open Source Gap: From Funding Paradoxes to Digital Sovereignty

Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say

US cyber progress isn’t stalled — it’s evolving

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

Shai-Hulud malware is back with a vengeance and hit more than 19,000 GitHub repositories so far — here's what developers need to know

Shai-Hulud is back with a new campaign infecting more npm packages

The slow rise of SBOMs meets the rapid advance of AI

Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updated

Sonatype Unveils Nexus One

Building Trust in the Age of AI: Sonatype CEO Bhagwat Swaroop on Why India is the Future of Software Security

“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages