SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern

In late 2023, a few members of the Apache Logging Services project – known for providing the famous Log4j logging framework – received funding from the Sovereign Tech Fund (STF) to enhance ...
npm packages spread 'Bladeroid' crypto-stealer, hijack your Instagram

Sonatype has identified multiple open source packages named sniperv1, sniperv2, among others that infect npm developers with a Windows info-stealer and crypto-stealer called 'Bladeroid.' ...
The curious case of 'csrf-magic': A case study in supply chain poisoning

Back in the day, Ivanti disclosed CVE-2021-44529, a critical "code injection" vulnerability in its EPM Cloud Services Appliance (CSA) product ...
Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

Over the past few weeks, vulnerabilities in proprietary Ivanti products, in particular Ivanti Connect Secure, Policy Secure, and ZTA gateways, have been making headlines for their active exploitation in the wild ...
npm flooded with 748 packages that store movies

Meet npmjs.com, a video and eBook hosting platform — not our words, but it seems that's what goes in the mind of some users (and attackers) recently seen misusing the platform to ...
DevSecOps tools: A beginner's guide

DevSecOps, a fusion of development, security, and operations, marks a paradigm shift in software development, seamlessly integrating security throughout the software development life cycle (SDLC) ...
'everything' matters — why the npm package sparked controversy

The npm package 'everything' sparked some controversy slowly after its publication over the holidays this year ...
Unraveling the Struts2 security vulnerability: A deep dive

In a recent webinar hosted by Sonatype, Chief Technology Officer (CTO) and co-founder Brian Fox and Field CTO Ilkka Turunen discussed the critical security vulnerability affecting Apache Struts2 ...
Struts2 CVE-2023-50164 by the numbers

Over the past few years, a not-so-great holiday season tradition has been critical security vulnerabilities that come out at the last minute, prompting action and fast responses at a time when resources ...
OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

In October 2023, the Cybersecurity and Infrastructure Security Agency (CISA) published a white paper Software Identification Ecosystem Option Analysis. Following the release of that paper, the Department of Homeland Security (DHS), CISA's ...