InfoWorld

Sonatype warns of 18,000 open source malware packages

Over half of the malware Sonatype discovered in Q1 2025 was designed to exfiltrate sensitive information from infected systems, the company said. Software supply chain security company Sonatype ...
SiliconANGLE

Fortinet identifies thousands of malicious software packages exploiting open-source repositories

A new report out today from Fortinet Inc.’s FortiGuard Labs highlights a growing wave of malicious software packages exploiting system vulnerabilities. Based on data collected since November 2024, the ...
Dark Reading

Malicious Open Source Packages Spike 188% YoY

Due to automation and a high-reward, low-risk threat environment, open source malware increased 188% year over year in the second quarter of this year. Supply-chain security vendor Sonatype today ...
Infosecurity-magazine.com

Malicious npm Packages Exploit Ethereum Smart Contracts

A malicious campaign targeting developers through npm and GitHub repositories has been uncovered, featuring an unusual method of using Ethereum smart contracts to conceal command-and-control (C2) ...