Sonatype says open source malware campaigns are increasingly abusing trusted packages, workflows, and dependencies to steal credentials and launch supply-chain attacks, underscoring growing security pressure across the OSS ecosystem.
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses
Source: Sonatype