sonatype.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-19.
| Date Added | Resource (topic tags) | Excerpt |
|---|---|---|
| 2026-04-19 | Compromised LiteLLM PyPI Package Delivers Credential Stealer (Python, Supply Chain) | Versions 1.82.7 and 1.82.8 of the popular Python package litellm, an abstraction layer for calling LLMs from providers such as OpenAI and Google, were compromised on PyPI. The injected code acted as a multi-stage credential stealer, exfiltrating API keys, cloud provider credentials, and Kubernetes secrets. It encrypted the stolen data with AES-256-CBC and protected the AES key with RSA, then attempted to establish persistence as a system service and download further payloads from attacker-controlled infrastructure. |
| 2026-04-17 | Q1 2026 Open Source Malware Index: Adaptive Attacks Exploit Trust (Supply Chain) | Index of Q1 2026 open source malware covering 21,764 malicious packages, 75% of them on npm, with trojans aimed at credential theft and host reconnaissance as the dominant category. The quarter was defined by trust abuse: the adaptive behavior of the SANDWORM_MODE campaign, the LiteLLM compromise delivered through trusted tooling, and the axios compromise exploiting transitive dependencies, all of which succeeded by hiding behind legitimate workflows and package names. |
| 2026-04-16 | Why Software Supply Chain Security Requires a New Playbook (Supply Chain) | Playbook describing techniques for securing software supply chains against malicious dependencies such as typosquatted packages, compromised trusted components, and insecure CI/CD pipelines. It advocates an integrity-driven development approach that shifts from reactive defense to proactive prevention: controlling what enters development environments, verifying code integrity, minimizing access, and monitoring in real time, so that software delivery is treated as a security process in its own right. |
| 2026-04-10 | CVE-2025-1716 Sonatype Security Advisory (Python) | Advisory detailing CVE-2025-1716, a detection bypass in `picklescan`, a static scanner for Python `pickle` files. An attacker can craft a malicious model whose pickle stream calls `pip.main()` to install an attacker-controlled PyPI package, giving remote code execution when the model is loaded while the scanner reports it as safe. The root cause (CWE-184, incomplete denylist) is that `pip` was not treated as an unsafe global by `picklescan` before version 0.0.21. Sonatype recommends upgrading to version 0.0.22 or higher. |
| 2026-04-10 | 2026 Software Supply Chain Report (Supply Chain) | Report detailing the 2025 evolution of open source malware, with over 454,600 new malicious packages identified across major registries such as npm and PyPI. It highlights industrialized campaigns by state-linked entities such as the Lazarus Group, which deployed multi-stage payload chains and introduced self-replicating malware such as Shai-Hulud. Attacks increasingly rely on typosquatting, namespace confusion, and toolchain masquerading to reach developer and build environments, with observed behaviors including TEA token harvesting, secrets exfiltration, and backdoor deployment. |
| 2026-04-10 | Exposing 4 Critical Vulnerabilities in Python PickleScan \| Sonatype (Deserialization, Python) | Writeup of four critical vulnerabilities discovered in picklescan, the static scanner used to vet pickle-based ML models. CVE-2025-1716 lets a malicious pickle bypass the scan and achieve arbitrary code execution on load. CVE-2025-1889 misses hidden malicious files because detection relies on file extensions. CVE-2025-1944 is a ZIP filename-tampering issue that crashes the scanner while the model still loads. CVE-2025-1945 misses malicious files when ZIP flag bits are modified. All four affect AI/ML model security and were addressed in picklescan version 0.0.23. |
| 2026-04-06 | Axios Compromise on npm Introduces Hidden Malicious Package (Supply Chain) | Writeup on the axios npm compromise, in which attackers hijacked a maintainer account to publish malicious versions (axios@1.14.1 and axios@0.30.4) that silently added a hidden dependency on `plain-crypto-js@4.2.1`. The two versions are tracked as sonatype-2026-001623 and sonatype-2026-001622 respectively. The hidden dependency used an npm postinstall script to execute obfuscated code, download a RAT, and spread to other packages, including those in the OpenClaw ecosystem. |
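The CVE-2025-1716 advisory and the PickleScan writeup above both turn on one design point: a static pickle scanner that enumerates dangerous modules fails open the moment it forgets one (here, `pip`), whereas an allowlist of the globals a model legitimately needs fails closed. The script below is an added example, not Sonatype's or picklescan's code. It hand-assembles a pickle stream whose GLOBAL opcode names `pip.main` (the package name passed to it is hypothetical), walks the opcodes with `pickletools` without ever unpickling anything, and compares a constructed, deliberately incomplete denylist against a constructed allowlist; the module names in both lists are illustrative.

```python
"""Static pickle scanning: an incomplete denylist (CWE-184) versus an allowlist.

Added example, not Sonatype's or picklescan's own code. The denylist and
allowlist are constructed for illustration, and the package name passed to
pip.main is hypothetical. The payload is assembled from raw opcodes and is
inspected with pickletools only, so nothing is ever unpickled or executed.
"""
import io
import pickle
import pickletools
from collections import OrderedDict


def build_payload(module: str, name: str, *args: str) -> bytes:
    """Hand-assemble a protocol-2 pickle that would call module.name([*args]) on load.

    Using the opcode constants from the pickle module avoids importing or touching
    the target callable here; the stream merely names it via a GLOBAL opcode.
    """
    out = io.BytesIO()
    out.write(pickle.PROTO + bytes([2]))
    out.write(pickle.GLOBAL + module.encode() + b"\n" + name.encode() + b"\n")
    out.write(pickle.MARK)                      # start of the argument tuple
    out.write(pickle.EMPTY_LIST)                # the single argument: a list
    out.write(pickle.MARK)
    for a in args:
        raw = a.encode()
        out.write(pickle.BINUNICODE + len(raw).to_bytes(4, "little") + raw)
    out.write(pickle.APPENDS)                   # extend the list with the strings
    out.write(pickle.TUPLE)                     # -> (list,)
    out.write(pickle.REDUCE)                    # module.name(*tuple) on load
    out.write(pickle.STOP)
    return out.getvalue()


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Collect every (module, name) a pickle would import, without executing it.

    Handles the text-form GLOBAL opcode (protocols 0-3) and STACK_GLOBAL
    (protocol 4+), which takes module and name from the two preceding string
    pushes. Memo lookups (BINGET) are not followed; a production scanner must
    resolve them as well.
    """
    refs: list[tuple[str, str]] = []
    strings: list[str] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif op.name == "STACK_GLOBAL":
            refs.append((strings[-2], strings[-1]))
        elif op.name in ("UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"):
            strings.append(arg)
    return refs


# Constructed denylist in the style of scanners that enumerate dangerous modules.
# It omits pip, which is the CWE-184 gap the advisory describes.
INCOMPLETE_DENYLIST = {"os", "subprocess", "sys", "socket", "builtins", "shutil"}

# Constructed allowlist: the globals a plain model file legitimately needs.
# Anything outside it is flagged, so a forgotten module fails closed.
MODEL_ALLOWLIST = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("numpy.core.multiarray", "_reconstruct"),
}


def denylist_flags(data: bytes) -> bool:
    """Flag only if a referenced module's top-level package is on the denylist."""
    return any(mod.split(".")[0] in INCOMPLETE_DENYLIST for mod, _ in referenced_globals(data))


def allowlist_flags(data: bytes) -> bool:
    """Flag if any referenced global is not explicitly permitted."""
    return any(ref not in MODEL_ALLOWLIST for ref in referenced_globals(data))


def scan_report() -> dict:
    """Run both policies over the crafted payload and a benign OrderedDict pickle."""
    payload = build_payload("pip", "main", "install", "example-malicious-pkg")  # hypothetical name
    pickletools.dis(payload, out=io.StringIO())  # structural check only; never pickle.loads
    benign = {p: pickle.dumps(OrderedDict([("weight", 1.0)]), protocol=p) for p in (2, 4)}
    return {
        "payload_globals": referenced_globals(payload),
        "payload_denylist_flagged": denylist_flags(payload),
        "payload_allowlist_flagged": allowlist_flags(payload),
        "benign_globals": referenced_globals(benign[4]),
        "benign_allowlist_flagged": any(allowlist_flags(b) for b in benign.values()),
    }


if __name__ == "__main__":
    for key, value in scan_report().items():
        print(f"{key}: {value}")
```

The denylist policy passes the `pip.main` payload untouched, which is exactly the bypass class the advisory describes; the allowlist policy flags it while still clearing an ordinary `OrderedDict` state dict in both the GLOBAL and STACK_GLOBAL encodings. In practice the same allowlist belongs in a `pickle.Unpickler` subclass whose `find_class` refuses anything not on it, so the scan and the load enforce one policy.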