Software supply chain security company Sonatype uncovered 17,954 open-source malware packages during Q1 2025, the company revealed in its Open Source Malware Index.
Sonatype’s Open Source Malware Index for Q1 2025 was released April 2. A proliferation of open source malware, or malicious open source packages, poses unprecedented risk in the form of software supply chain attacks, the company said. Open source malware is deliberately crafted to target developers in order to infiltrate and exploit software supply chains, according to Sonatype.
The index examines evolving trends in open source malware and key shifts in malicious open source packages across ecosystems. Data for Q1 2025 showed a notable shift in the types of threats targeting software developers, with more than half of the malware aimed at exfiltrating sensitive data, Sonatype said.