Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204. Compared to the same quarter last year, the volume of detected malware has jumped by 188%, highlighting the escalating scale and sophistication of attacks targeting developers, software teams, and CI/CD pipelines. “Attackers are no longer simply experimenting … More

The post Open source has a malware problem, and it’s getting worse appeared first on Help Net Security.