TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer ...
eSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly ...
Software supply chain management firm Sonatype Inc. today said it found a sharp rise in malicious activity targeting software developers and supply chains in the second quarter. The company’s Q2 2025 ...
Malicious open source packages reach 1.346 million as attackers abuse trusted software, release paths, and developer ...
Sonatype®, the end-to-end software supply chain security company, today released the Q2 2025 edition of its Open Source Malware Index, uncovering 16,279 malicious open source packages across major ...
Sonatype, a provider of AI-centric DevSecOps, this week released the Open Source Malware Index, Q3 2025, which analyzed 34,319 open source malware packages discovered by Sonatype across major open ...
Fulton, Md., Oct. 15, 2025 (GLOBE NEWSWIRE) -- Sonatype®, the leader in AI-centric DevSecOps, today released the Open Source Malware Index, Q3 2025, which analyzed 34,319 open source malware packages ...
Due to automation and a high-reward, low-risk threat environment, open source malware increased 188% year over year in the second quarter of this year. Supply-chain security vendor Sonatype today ...
Researchers in cybersecurity are worried about Stealerium, an open-source malware that was theoretically phased out years ago but has now experienced its first unexpected resurgence. According to ...
Malware in open source software is no longer a fringe threat; it's accelerating at an unprecedented rate. In 2025 alone, more than 90% of open source vulnerability (OSV) malware advisories were ...