Target Open Source Package: Attacks 700 percent more common than three years ago

Open source repositories are increasingly becoming targets for criminals. In the last year alone, Sonatype identified over 55,000 infected packages.


Software supply chain attacks have increased significantly in recent years, as shown by the results of the “State of the Software Supply Chain Report” published by the security software provider Sonatype. According to the report, attacks on upstream repositories of open source projects have increased by 700 percent in the past three years.

Attackers are increasingly exploiting vulnerabilities upstream in open source ecosystems to inject malware into corporate projects downstream. According to Sonatype, the vendor’s firewall, which is dedicated to open source supply chains, identified more than 55,000 newly released packages as malicious in the last year. For context: according to the vendor, the firewall uses AI to check around 600,000 package releases per month.

Sonatype plans to publish the final report in October, according to the provider’s press release. Attacks on open source components have repeatedly made headlines in recent years, most recently with Log4Shell. Part of the problem is that projects often use a large number of ready-made software packages, which makes it difficult to keep track of the packages used. Software bills of materials, including those produced with free open source tools, are intended to remedy this.
