
Open Source Packages as a Target: Attacks 700 Percent More Common Than Three Years Ago


Open source repositories are increasingly becoming targets for criminals. In the last year alone, Sonatype identified over 55,000 infected packages.

Attacks on software supply chains have increased significantly in recent years, as shown by the results of the “State of the Software Supply Chain Report” published by the security software provider Sonatype. According to the report, attacks on upstream repositories of open source projects have increased by 700 percent in the past three years.


Attackers are increasingly exploiting vulnerabilities upstream in open source ecosystems to inject malware into corporate projects downstream. According to Sonatype, the vendor’s firewall, which is dedicated to open source supply chains, identified more than 55,000 newly released packages as malicious in the last year. To put that in context: according to the vendor, the firewall uses AI to check around 600,000 package releases per month.

Sonatype plans to publish the final report in October, according to the provider’s press release. Attacks on open source components have repeatedly made headlines in recent years, most recently with Log4Shell. Part of the problem is that projects often use a large number of ready-made software packages, which makes it difficult to keep track of the packages in use. Software bills of materials are intended to remedy this, including with free open source tools.
