Sonatype

Suspected Hijacked Developer Accounts Spread npm Malware

2 minute read

Security
Malware

Suspected Hijacked Developer Accounts Spread npm Malware

Sonatype uncovers a sophisticated malware campaign using hijacked npm developer accounts to steal API keys and passwords. Is your dev environment at risk?

byDeeba Ahmed

March 26, 2026

Patch Now: 98% of Apache Struts Downloads are Risky EOL Versions

2 minute read

Security

Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads

Over 387,000 users downloaded vulnerable Apache Struts versions this week. Exclusive Sonatype research reveals a high-risk flaw found by AI. Is your system at risk?

byDeeba Ahmed

January 15, 2026

The Latest

Anonymizing Network Traffic: A Dive into SOCKS5 and Data Encryption

Securing Remote Server Access: Why VPNs Matter for Administrators

Fake Claude AI Installer Targets Windows Users with PlugX Malware

Fake Ledger Live App on Apple Store Linked to $9.5M Crypto Theft

Sonatype

Suspected Hijacked Developer Accounts Spread npm Malware

Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads

Security Risk Advisors Purple Team Participants Can Now Earn CPE Credits

Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action

AI Future: The Leading International AI and Web3 Forum to Take Place in April

Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec

2026 Cybersecurity Excellence Awards Winners Announced during RSA Conference as AI Security Dominates