Open source malware up 140 percent

The latest OS Malware Index from Sonatype shows a 140 percent surge in open source malware as attackers target data and trusted dependencies. The index is compiled from analysis of 34,319 open source malware packages discovered by Sonatype across major open source registries including npm, PyPI, Hugging Face, and more. This quarter’s count brings the total number of malicious packages Sonatype has discovered to 877,522 since 2019. “The era of noisy, opportunistic malware is over. Attackers are patient, organised, and increasingly using AI to embed themselves inside the very tools developers rely on,” says Brian Fox, CTO and co-founder of… [Continue Reading]