Analysis of 5000+ Malicious Open Source Packages
Analysis of malicious open source packages from Datadog's malicious packages dataset. Each of these packages were found in the wild and confirmed to be malicious. The goal of this analysis is to…
Read the full articleYou might also wanna read
Growing Threat of Malicious Attacks via Open-Source Packages
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.

The rising trend of malicious packages in open source ecosystems
In this article, we want to share a broader picture of how the Snyk security team is monitoring and disclosing security incidents concerning

Datadog Warns of Coordinated GitHub API Enumeration Campaigns Targeting Organizations
Datadog Security Research has uncovered multiple coordinated campaigns abusing the GitHub API to systematically map organizations, repositor

Snyk uncovers malicious code activities in open source supply chain security on the npm registry
In a recent npm security research activity, Snyk uncovered a total of 8 npm packages that matched a specific malicious code vector of attack
Census II Report on Open Source Software
The Linux Foundation and the Laboratory for Innovation Science at Harvard have just released a new report: “Vulnerabilities in the Core: Pre
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the cr

Comments
Sign in to join the conversation.
No comments yet. Be the first.