Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses

TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most ...

Open Source Malware Index Q4 2025: Automation Overwhelms Ecosystems

As open source software continues to fortify modern applications, attackers are finding new and increasingly efficient ways to exploit the trust developers place in public ecosystems ...

Open Source Malware Index Q3 2025: High-Severity Attacks Surge

As open source ecosystems continue to expand, so does the sophistication and aggression of malicious actors targeting them ...

Open Source Malware Index Q2 2025: Data exfiltration remains a leading threat

In the second quarter of 2025, Sonatype uncovered 16,279 pieces of open source malware, bringing the total number of malicious packages identified by our automated detection systems to 845,204 and counting. Once ...

Open Source Malware Index Q1 2025: Data exfil threats rising sharply

Sonatype's ongoing mission is to equip organizations with the most up-to-date information on open source security threats. As part of that commitment, we will be sharing data and insights on a quarterly ...

CVE-2024-3094: The targeted backdoor supply chain attack against XZ and liblzma

As sure as long weekends arrive in the western world, so too does news of new supply chain attacks. The Easter bank holidays were no exception, with the discovery of a targeted ...

Wicked Good Development: A Look at the Past, Present, and Future of Maven Central

Wicked Good Development is dedicated to the future of open source. This space is to learn about the latest in the developer community and talk shop with open source software innovators and ...

Wicked Good Development – Episode 2

Wicked Good Development is dedicated to the future of open source. This space is to learn about the latest in the developer community and talk shop with open source software innovators and experts ...