Nearly 18,000 New Malicious Packages Discovered in Q1 According to Sonatype Open Source Malware Index

Yahoo, 02-04-2025

Malware targeting developers reaches 828,925 packages, with data exfiltration threats rising sharply
Fulton, Md., April 02, 2025 (GLOBE NEWSWIRE) -- Sonatype®, the end-to-end software supply chain security company, today unveiled its Open Source Malware Index, Q1 2025, which examines evolving trends in open source malware and key shifts in malicious open source packages across ecosystems. This quarter's data showed a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified.
Sonatype leads the industry in open source malware threat intelligence, with researchers uncovering major campaigns throughout the year, including nearly a dozen hijacked npm crypto packages, a counterfeit Truffle for VS Code package, and a group of packages targeting Solana developers. Key findings from Q1 2025 include:
  • Data Exfiltration Malware Dominates: 56% of the malware discovered in Q1 2025 was related to data exfiltration, designed to harvest sensitive information from infected systems, a dramatic increase from 26% in Q4 2024. This rise highlights the growing concern of sensitive information being compromised via malicious open source components.
  • Crypto Miners Remain Steady: Crypto-mining malware made up 7% of malicious packages discovered in Q1 2025, doubling from 3.5% in Q4 2024, showing that resource-hijacking attacks are still prevalent in open source ecosystems.
  • Financial Services and Government Institutions Defending Majority of Attacks: Sonatype helped block more than 20,000 open source malware attacks in Q1 2025 — 66% at financial services companies, 14% at government organizations, and 7% in the electricity, oil & gas sector.
  • Open Source Malware 'Noise' Decreasing: 80% of logged packages in Q1 2025 were made up of more sophisticated and threatening types of malware, such as droppers and code injection malware.
"The data shows a meaningful change in how ecosystem maintainers are taking action against harmful components, but it also reflects the growing sophistication of threat actors," said Brian Fox, Co-founder and CTO of Sonatype. "We have seen a rise in more sophisticated types of open source malware, showing that attackers are innovating in ways that demand ongoing vigilance. You have to block it before it enters the development environment — if open source malware is in your repository, it's already too late."
The quarterly Open Source Malware Index is part of Sonatype's ongoing commitment to equipping organizations with the most up-to-date information on open source security threats. As open source usage continues to grow globally, these insights underscore the need for proactive measures to safeguard the software supply chain.
Sonatype has published year-over-year analysis of open source consumption, risk and threat trends via the annual State of the Software Supply Chain® report for more than a decade. Last year's report showed that open source malware increased by 156% over 2023 and estimated that half of unprotected repositories have already fallen victim to open source malware.
Sonatype Repository Firewall is the industry's only solution designed to block malicious open source components and AI models before they can target development environments through AI behavioral analytics and automated policy enforcement. Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 20,920 open source malware attacks in Q1 of this year.
For more information about open source malware in Q1 2025, visit https://www.sonatype.com/blog/open-source-malware-index-q1-2025.
About Sonatype

Sonatype is the software supply chain security company. We provide the world's best end-to-end software supply chain security solution, combining the only proactive protection against malicious open source, the only enterprise grade SBOM management and the leading open source dependency management platform. This empowers enterprises to create and maintain secure, quality, and innovative software at scale. As founders of Nexus Repository and stewards of Maven Central, the world's largest repository of Java open-source software, we are software pioneers and our open source expertise is unmatched. We empower innovation with an unparalleled commitment to build faster, safer software and harness AI and data intelligence to mitigate risk, maximize efficiencies, and drive powerful software development. More than 2,000 organizations, including 70% of the Fortune 100 and 15 million software developers, rely on Sonatype to optimize their software supply chains. To learn more about Sonatype, please visit www.sonatype.com.
CONTACT: Megan Schmidt Sonatype megan.schmidt@sonatype.com
