News
Sonatype Releases Q1 2026 Open Source Malware Index: Trust Abuse Most Successful Attack Vector
7+ hour, 53+ min ago (96+ words) Malicious open source packages reach 1.346 million as attackers abuse trusted software, release paths, and developer workflows. Trust Abuse, Not Novelty, Defined the Most Successful Q1 Attacks. Developer and CI/CD Environments: Primary Targets for Access, Persistence, and Reuse. npm Remained the…
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses
7+ hour, 53+ min ago (1102+ words)
AI, DevSecOps, and the Future of Application Security: The Gartner Report
1+ week, 6+ hour ago (767+ words) Even as organizations recognize the importance of application security, most still struggle to operationalize it at scale. That gap becomes harder to ignore as development accelerates, AI becomes embedded in workflows, and software supply chains grow more complex. At the…
How Sonatype's Container Scanning Protects You From Zero-Days
1+ week, 6+ day ago (854+ words)
Axios Compromise on npm Introduces Hidden Malicious Package
2+ week, 1+ hour ago (860+ words)
Autonomous Development and AI: Speed vs. Security
2+ week, 4+ day ago (967+ words)
Grounded Intelligence Is Key to Safe AI Software Development at Scale
2+ week, 6+ day ago (525+ words) One experience has become nearly universal as AI systems move deeper into software development: their confidence when they're wrong. Modern LLMs can generate code, recommend fixes, and even suggest dependency upgrades. But they also routinely invent package names, versions, and…
Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer
3+ week, 1+ hour ago (850+ words)
Golden Pull Requests: Automating Trusted Remediation Without Breaking Builds
3+ week, 1+ day ago (96+ words)
Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm
4+ week, 27+ min ago (826+ words)