Axios Compromise on npm Introduces Hidden Malicious Package
A newly discovered software supply chain attack targeting the npm ecosystem briefly compromised one of the most widely used...
This morning, the widely used Python package litellm, a popular abstraction layer for interacting with large language models (LLMs),...
Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two...
Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000...
AI coding assistants, such as Microsoft Copilot, are fundamentally transforming the process of software development. Developers can generate scaffolding,...