See incredible research performed (24x7x365) by our team. Learn how open source exploits work. Get expert guidance on how to remediate risk.
Our news feeds are filled with reports of malicious attacks on open source code at the project source, most of which are bad actors leveraging code bases for their own gain. While we're taking
Thought you cleaned up your malicious flatmap-stream code? Check again.
You may have thought you'd read everything there was to read about flatmap-stream and as a result, fixed the offending
It’s been a busy month here at Sonatype as the tide of vulnerable components continues to rise. Our Data Research team has been investigating a large volume of components and working hard to keep
In this month’s edition of Nexus Intelligence Insights we’ll explore a vulnerability that can be exploited through a variety of vectors including through a confusing patch release, which if not
SQL injection hacks are nothing new. In fact, with the ever-growing boldness of bad actors and the proliferation of automated tools designed to ferret out components that lend themselves to this
This month, we will be covering a component that is a little older, but probably to the surprise of many, very widely used across a variety of ecosystems. Considering the type of vulnerability the
Happy New Year!
To kick off 2019 we will be covering a vulnerability that is complex in context. All developers are aware of the varieties of privilege escalation and Cross-Site Scripting (XSS)
Welcome back to Nexus Intelligence Insights.
This month, we’re covering a vulnerability type that, until recently, has flown a bit under the radar: deserialization of untrusted data.
Open Source vulnerabilities are an unfortunate fact of life. Vulnerable Open Source component downloads are up 12% over last year, and breaches involving OSS are up 55% year over year, according