Open source malware surged 73% in 2025, with npm as a key target with rising risks in software supply chains and developer environments.

Sonatype said in its 2026 State of the Software Supply Chain report that developers downloaded components 9.8 trillion times ...

Open source malware surpasses 1.233 million packages, escalating in scale and sophistication: Nation-state attackers increasingly mimic trusted developer tools and leverage legitimate channels to ...

The scale and sophistication of attacks targeting developers, software teams and CI/CD pipelines continued to grow in Q2 2025, with Sonatype reporting a 188% annual increase in malicious open source ...

Software supply chain management firm Sonatype Inc. today said it found a sharp rise in malicious activity targeting software developers and supply chains in the second quarter. The company’s Q2 2025 ...

Tea.xyz has announced their new ecosystem findings highlighting escalating risks across the global open-source software ...

Attackers are Exploiting Trust, Scale, and Automation Across Open-Source and Commercial Software and Emerging AI Ecosystems ...

Due to automation and a high-reward, low-risk threat environment, open source malware increased 188% year over year in the second quarter of this year. Supply-chain security vendor Sonatype today ...

Sonatype, a software supply chain security company, this week released the Q2 2025 edition of its Open Source Malware Index, uncovering 16,279 malicious open source packages across major ecosystems ...

Sonatype®, the end-to-end software supply chain security company, today released the Q2 2025 edition of its Open Source Malware Index, uncovering 16,279 malicious open source packages across major ...