Sonatype

Photos: Infosecurity Europe 2025, part 2
Infosecurity Europe 2025 is a cybersecurity event taking place from June 3 to 5 in London. Help Net Security is on-site and here’s a closer look at the conference. The …

Development vs. security: The friction threatening your code
Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s …

Open-source malware doubles, data exfiltration attacks dominate
There’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according …

Infosec products of the month: March 2025
Here’s a look at the most interesting products from the past month, featuring releases from: 1Kosmos, Alloy, Cloudflare, Cytex, Detectify, GetReal Security, iProov, Keysight …

New infosec products of the week: March 7, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Outpost24, Palo Alto Networks, Red Canary, and Sonatype. Outpost24 introduces …

Sonatype AI SCA delivers visibility and control over AI/ML usage
Sonatype announced end-to-end AI Software Composition Analysis (AI SCA) capabilities that enable enterprises to harness the full potential of AI. With its expertise in open …

Open source malware up 200% since 2023
Sonatype’s 2024 Open Source Malware Threat Report reveals that the number of malicious packages has surpassed 778,500 since tracking began in 2019. In 2024, researchers …

Infosec products of the month: March 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, AuditBoard, Bedrock Security, Check Point, CyberArk, Cynerio, DataDome, …

New infosec products of the week: March 22, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Drata, GlobalSign, Ordr, Portnox, Sonatype, Tufin, and Zoom. GlobalSign …

Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain
Working with the world’s largest enterprises and global policymakers to address the complexities of optimizing your software supply chain with SBOMs (Software Bill of …

The dark side of GenAI
Beyond traditional AI models, generative AI (GenAI) can create new content, images, and even entire scenarios from scratch. While this technology holds immense promise across …

Be prepared to patch high-severity vulnerability in curl and libcurl
UPDATE (October 11, 2023, 07:15 a.m. ET): Curl v8.4.0 is out and fixes both CVE-2023-38545, a SOCKS5 heap buffer overflow vulnerability and CVE-2023-38546, a cookie injection …