• drspod@lemmy.ml
    24 hours ago

    This is barely an article. What is Open-source malware? Are they talking about libraries that look legit but contain malware? Typo-squatting? Supply chain attacks? Compromised repositories of legit projects? Or is this actually malware that is released as open-source software so that bad actors can enjoy the freedoms of FOSS?

    • opalfrost@friendica.world
      24 hours ago

      @drspod @kid
      There is a focus on open source increasing drastically.

      “Sonatype blocked over 20,000 open-source malware attacks in Q1 2025, with most targeting financial services and government institutions. The decrease in ‘noise’ suggests that attackers are becoming more sophisticated, necessitating continuous vigilance in open-source ecosystems.”
      Source*