Sonatype

The root cause of open-source risk
2023 saw twice as many software supply chain attacks as 2019-2022 combined. Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses …

GenAI in software surges despite risks
In this Help Net Security video, Ilkka Turunen, Field CTO at Sonatype, discusses how generative AI influences and impacts software engineers’ work and the software …

Generative AI lures DevOps and SecOps into risky territory
Application security leaders are more optimistic than developer leaders on generative AI, though both agree it will lead to more pervasive security vulnerabilities in software …

Open-source security challenges and complexities
Open source refers to software or technology that is made available to the public with its source code openly accessible, editable, and distributable. In other words, the …

Video walkthrough: Cybertech Tel Aviv 2023
Help Net Security is in Israel this week for Cybertech Tel Aviv 2023, talking to the key players from the cybersecurity industry and businesses from a wide range of sectors, …

A closer look at malicious packages targeting Python developers
In this Help Net Security video, Carlos Fernandez, Security Researcher at Sonatype, talks about how their AI system caught packages that attack Python developers with a unique …

Sonatype and CyberRes expand collaboration to strengthen application security
Sonatype has expanded strategic partnership with CyberRes to provide organizations with a complete open source and application security solution. Building off of an eight-year …

Consumer behaviors are the root of open source risk
Sonatype unveiled its eighth annual State of the Software Supply Chain Report which, in addition to a massive surge in open source supply, demand, and malicious attacks, found …

Open source projects under attack, with enterprises as the ultimate targets
Sonatype has found a massive year-over-year increase in cyberattacks aimed at open source projects. According to early data from Sonatype’s 8th annual State of the …

Malicious PyPI packages drop ransomware, fileless malware
In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, discusses newly found PyPI packages that pack ransomware, and another package that appears …

Python packages with malicious code expose secret AWS credentials
Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network interface information, and …

Infosec products of the month: May 2022
Here’s a look at the most interesting products from the past month, featuring releases from: AuditBoard, BIO-key, Cohesity, Corelight, Data Theorem, Deepfence, ForgeRock, …
Featured news
Resources
Don't miss
- Trojanized SonicWall NetExtender app exfiltrates VPN credentials
- High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)
- Why work-life balance in cybersecurity must start with executive support
- Reconmap: Open-source vulnerability assessment, pentesting management platform
- Microsoft will start removing legacy drivers from Windows Update