Negative
26Serious
Neutral
Optimistic
Positive
- Total News Sources: 2
- Left: 0
- Center: 0
- Right: 1
- Unrated: 1
- Last Updated: 19 days ago
- Bias Distribution: 100% Right


Malicious Open Source Packages Surge in Q2 2025
In the second quarter of 2025, malicious open-source software packages surged by 188%, with over 16,000 new threats identified across major ecosystems such as npm, PyPI, and Maven Central. Data exfiltration was the primary motive, with most packages designed to steal credentials, API keys, and personal information, while destructive malware targeting data corruption doubled in prevalence. Cryptomining malware declined to represent just 5% of threats as attackers shifted focus to credential theft and long-term infiltration. The Lazarus Group, linked to North Korea, was associated with over 100 malicious packages, highlighting the role of state-backed actors. A new trend in browser-based threats emerged, exemplified by the RedDirection campaign, which leveraged popular Chrome and Edge extensions to hijack sessions and spy on more than 2.3 million users. These developments emphasize the escalating risks across software supply chains and the need for heightened vigilance among developers, security teams, and end users.
