The 1Q 2025 Open Source Malware Index from Sonatype revealed that open source malware packages doubled compared to the same period last year, with 56% related to data exfiltration attacks. Crypto-mining malware also increased, and 66% of attacks targeted financial services. The report highlighted the need for proactive action, with the company blocking over 20,000 open source malware attacks.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese advanced persistent threat (APT) group exploited CVE-2025-22457, a previously unexploitable buffer overflow bug, to compromise devices running Ivanti Connect Secure (ICS) and