Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target

Why bother hunting for a CVE when you can just publish malicious code straight into the software supply chain? That’s the story behind the latest wave of Shai-Hulud-related npm compromises, which recently ...
The Evolution of Open Source Malware: From Volume to Trust Abuse

Open source malware is no longer just a numbers game. What was once largely a volume problem — thousands of malicious packages flooding public registries through typosquatting, brandjacking, and low-effort deception — ...

Malicious PyTorch Lightning Packages Found on PyPI

TL;DR Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher account’s compromise. Lightning versions 2.6.2 and 2.6.3 (tracked as sonatype-2026-002817) were published on April ...

Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised ...
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses

TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most ...

Axios Compromise on npm Introduces Hidden Malicious Package

A newly discovered software supply chain attack targeting the npm ecosystem briefly compromised one of the most widely used JavaScript libraries in the world ...
Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm

Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000 downloads collectively per week and were modified to deliver multi-stage malware. Sonatype is ...
SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms

Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won't simply ...