The Manila Times

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

Attackers are Exploiting Trust, Scale, and Automation Across Open-Source and Commercial Software and Emerging AI Ecosystems ...
TechJuice

Open Source Malware Surges Nearly 73% in 2025, Cybersecurity Report Shows

Open source malware surged 73% in 2025, with npm as a key target with rising risks in software supply chains and developer environments.
Infosecurity-magazine.com

Surge in Malicious Software Packages Exploits System Flaws

A rise in malicious software packages exploiting system vulnerabilities has been detected by security researchers. A new report, published by Fortinet today, analyzes threats observed from November ...
CSOonline

Malicious open-source software packages have exploded in 2024

The open-source development ecosystem has experienced a significant rise in malicious software components, putting enterprises on high alert for software supply chain attacks. Malware is infiltrating ...
Business Wire

Lineaje Redefines Software Supply Chain Security with Agentic AI-Driven Risk Elimination, Gold Open Source and SCA360

SARATOGA, Calif.--(BUSINESS WIRE)--Lineaje, the full-lifecycle software supply chain security company, today launched end-to-end capabilities that will fundamentally transform how organizations ...
Business Wire

Continuous Protection for the Cloud Era: Veracode Spotlights Latest Innovations for Advanced Software Security

BURLINGTON, Mass.--(BUSINESS WIRE)--Veracode, a global leader in application risk management, today unveiled a suite of innovations that transform how enterprises approach security. The enhanced ...
Dark Reading

Poisoned npm Packages Disguised as Utilities Aim for System Wipeout

Two malicious npm packages disguised as legitimate developer utilities on the npm registry contain backdoors that could wipe out entire production systems, posing a threat to the software supply chain ...
Network World

Cisco bolsters DNS security package

Cisco (Nasdaq:CSCO) has bulked-up its Domain Name System (DNS) security software with new features including AI-enhanced DNS tunneling mitigation and stronger cloud malware detection. Cisco Secure ...
Security

Can you trust commercial software? Tackling third-party software risk

Supply chain security is rapidly emerging as a material risk for enterprise software buyers. Yet, despite best efforts from regulators to hold software publishers accountable, enterprise buyers ...
Dark Reading

Self-Replicating 'Shai-hulud' Worm Targets NPM Packages

A self-replicating malware is worming its way into open source software components. The malware's name is "Shai-hulud," presumably taking its name from the Dune sandworms, and it's particularly ...
Bleeping Computer

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts ...