Open-Source Malware Zeroes in on Developer Environments
3 Articles
Open-source malware zeroes in on developer environments
Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader shift in supply chain attacks away from end users and toward the tools, machines, and pipelines used to build software in the first place.

Key takeaways (Source: Sonatype)

Malware campaigns scaled through registries

Researchers identified more than 450,000 new malicious op…
Malicious Open Source Software Packages Neared 500k In 2025 - Cybernoz - Cybersecurity News
Malicious open source software packages have become a critical problem threatening the software supply chain. That’s one of the major takeaways of a new report titled “State of the Software Supply Chain” by open source software security company Sonatype. Sonatype said its researchers identified more than 454,600 new malicious packages last year across npm, PyPI, Maven Central, NuGet, and Hugging Face, repositories which together combined for 9.8…

