Sonatype Firewall Extends Malicious Package Protection
Sonatype · 2026-05-27 · via Press Releases

New Sonatype research finds only 9% of brandjacking malware relies on typosquatting alone, as attackers use trusted-looking package names to slip past developer workflows and steal credentials

Fulton, Md. – May 27, 2026 – Sonatype®, the control plane for agentic software development, today expanded Sonatype Firewall protections to help organizations block malicious open source packages before they enter any repository environment, including third-party repositories and mixed repository environments. With Firewall, enterprises have a protected front door between developers and AI coding assistants and the public registries they depend on.

Sonatype also unveiled a study of more than 4,300 malicious open source packages, observing that naming conventions and workflow familiarity are being abused to create a blind spot at the moment a developer adds a dependency or updates a lockfile. Key findings include:

  • Sophisticated attackers have moved beyond typosquatting: In 91% of cases, naming variants such as prefix-addition, version mimicry, and embedding are used to infiltrate developer environments instead of traditional misspellings.
  • Data and credential theft is the primary objective: Nearly three-quarters (74%) of the analyzed malicious packages were specifically designed to silently exfiltrate developer credentials, API keys, and environment variables to facilitate broader system compromise.
  • Organized campaigns are heavily targeting popular frameworks: Attackers have industrialized their methods, with nearly 150 distinct campaign families identified. They specifically zero in on modular ecosystems like React and ESLint, where deceptive add-ons easily blend in.
  • Plausible deception easily bypasses traditional security controls: By convincingly mimicking legitimate extensions rather than relying on spelling errors, these packages evade standard spelling-based checks, so a single compromised developer machine can quickly escalate into a large-scale breach.
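The variant families in the findings above are something a team can check for itself at the moment a dependency is added, and the last finding (spelling-based checks miss them) is easy to see side by side with an edit-distance check. The block below is an added example written for this page; it is not code from Sonatype or from the study. It assumes a constructed list of protected package names and a constructed organisation allowlist of known-good names, and its rules for prefix-addition, version mimicry and embedding are this example's own reading of those terms, since the study's exact definitions are not given here. The sample package.json dependencies are made up for the demo.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed list of popular package names to protect (illustrative; not Sonatype's data).
POPULAR = ("react", "eslint", "lodash", "express", "axios")

# Constructed set of legitimate names that the substring checks would otherwise flag.
# Assumption: in practice this is the organisation's approved-component list.
KNOWN_GOOD = {"preact", "react-dom", "eslint-plugin-react", "@types/react"}

_DELIMS = re.compile(r"[-_.]")


def classify_name(name: str) -> Tuple[Optional[str], Optional[str]]:
    """Match a package name against POPULAR by naming-variant family.

    Returns (label, base):
      'exact'            the protected package itself
      'prefix-addition'  base is a whole token with extra tokens, or an unfamiliar scope, around it
      'version-mimicry'  base followed only by a version-looking suffix: react18, lodash-v4, eslint-9.0
      'embedding'        base hidden inside a longer token with no delimiter: reactjs, lodashjs
      (None, None)       no relation to a protected name
    These rules are this example's reading of the three families the study names;
    the study's own definitions are not published on this page.
    """
    lower = name.lower()
    scope, _, bare = lower.rpartition("/")  # '@acme/react' -> ('@acme', '/', 'react')
    if bare in POPULAR:
        return ("prefix-addition" if scope else "exact", bare)
    tokens = [t for t in _DELIMS.split(bare) if t]
    for base in POPULAR:
        if re.fullmatch(rf"{re.escape(base)}[-_.]?v?\d+([.-]\d+)*", bare):
            return ("version-mimicry", base)
        if base in tokens:
            return ("prefix-addition", base)
        if any(base in t for t in tokens):
            return ("embedding", base)
    return (None, None)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the basis of the spelling-based check the study says these variants slip past."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_only(name: str, max_distance: int = 1) -> Optional[str]:
    """The traditional check on its own: a near-miss spelling of a protected name, nothing else."""
    bare = name.lower().rpartition("/")[2]
    for base in POPULAR:
        if bare != base and edit_distance(bare, base) <= max_distance:
            return base
    return None


def review_name(name: str) -> Optional[Tuple[str, str]]:
    """Combine both checks. Returns (label, base) for a name that deserves review, else None.
    Exact matches and allowlisted names are what the organisation intends to use and are not flagged."""
    if name.lower() in KNOWN_GOOD:
        return None
    label, base = classify_name(name)
    if label == "exact":
        return None
    if label:
        return (label, base)
    base = typosquat_only(name)
    return ("typosquat", base) if base else None


def review_dependencies(deps: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Run review_name over a package.json-style dependencies map."""
    return {name: hit for name in deps if (hit := review_name(name))}


# Constructed package.json "dependencies" block. The names are made up for the demo;
# nothing is claimed about any real package that happens to share one of them.
SAMPLE_DEPS = {
    "react": "^18.2.0",
    "react-dom": "^18.2.0",
    "reakt": "1.0.0",
    "react18": "1.0.3",
    "@fast-ui/react": "0.1.0",
    "eslint": "^9.0.0",
    "eslint-plugin-secure-defaults": "2.4.1",
    "lodashjs": "4.17.21",
    "preact": "^10.19.0",
    "left-pad": "^1.3.0",
}

if __name__ == "__main__":
    for name, (label, base) in review_dependencies(SAMPLE_DEPS).items():
        spelling = "hit" if typosquat_only(name) else "miss"
        print(f"{name:32} {label:16} looks like {base:8} spelling check alone: {spelling}")
```

Run against the sample, only `reakt` is caught by the edit-distance check; `react18`, `@fast-ui/react`, `eslint-plugin-secure-defaults` and `lodashjs` are within the variant families but at edit distance 2 or more from the protected name, which is the blind spot the finding describes. The substring rules cut the other way: without the allowlist, `preact` would be reported as an embedding of `react`, so the output is a review queue, not a verdict, and the allowlist has to be maintained alongside the protected-name list.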

“Typosquatting is table stakes now. Attackers aren’t just misspelling popular package names — they’re copying the language, structure, and habits of real software ecosystems. By the time a malicious package has built a reputation, it may already be in a developer workstation,” said Brian Fox, CTO and co-founder of Sonatype and Global Maintainer of Maven Central. “Developers and AI agents need safer defaults, not more dashboards. The winning model is to approve, block, guide, and remediate when a component is chosen — not after bad code is already in the build.”

Sonatype Firewall gives next-gen development teams a first line of defense by blocking malicious and suspicious packages at assembly. Today’s expansion gives organizations control before risk reaches the build, without disrupting existing repository workflows. As the steward of Maven Central and provider of Nexus Repository, Sonatype has deep visibility into how open source components are published, consumed, and propagated across modern software development. That visibility, including two decades of open source intelligence, helps organizations make better decisions at the source.

Expanded Sonatype Firewall protections are available for any repository. To read the full study, Beyond Typosquatting Attacks: How Threat Actors Use Naming Variants to Steal Developer Data, visit: https://www.sonatype.com/resources/research/beyond-typosquatting-attacks.

About Sonatype

Sonatype gives enterprises control over what goes into software, before it becomes production risk. As development accelerates with open source, AI assistants, and agentic workflows, Sonatype helps developers and security teams choose what is safe, block what is dangerous, and fix what matters without slowing innovation. As the steward of Maven Central and provider of Nexus Repository, Sonatype has unmatched visibility into how open source components are published, consumed, and propagated. Its platform protects, guides, and governs software assembly across the SDLC — helping organizations stop malicious packages, make better dependency decisions, remediate faster, and prove what’s inside every application. To learn more about Sonatype, please visit www.sonatype.com.