Cybercriminals Plant Malicious AI Agents in Open Source Tool Repositories
Cybersecurity researchers at ESET identify big rise in suspicious and malicious toolsets which put users at risk from cyber-attacks
Open-source software enables code review and reuse, but known vulnerabilities and unmaintained dependencies can create cybersecurity risks.
Search across headline titles and summaries.
Background for this topic.
Open source is software whose source code is available under a license that permits use, inspection, modification, and redistribution. It may be developed by a community, an organization, or a small group of maintainers; “open” does not guarantee that the code is actively reviewed, supported, or secure.
For security teams, the main concerns are vulnerabilities in dependencies and the software supply chain: a maintainer account, release process, or package can be compromised, while an unmaintained component may retain known flaws. Public code can enable review and faster fixes, but visibility alone is not a control. Maintain an inventory or SBOM of open-source components, pin and verify versions or signatures where possible, monitor vulnerability advisories, and apply updates through a controlled process.
Weekly headline count for the current query.
Cybersecurity researchers at ESET identify big rise in suspicious and malicious toolsets which put users at risk from cyber-attacks
Athena is a new an industry coalition to fix the vulnerabilities frontier AI models find before attackers can exploit them
Most malicious open source packages now mimic real code rather than rely on typosquatting
Open source tool maker Grafana says hackers stole codebase via GitHub breach
A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit
Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchers
Google Threat Intelligence Group details how cybercriminals attempted to launch a campaign based around an AI-developed Zero-Day targeting open-source software
Sonatype warns that open source threats became industrialized with a surge in malicious packages in 2025
Cybersecurity Researchers at ReliaQuest warn of an ongoing campaign delivered to “high-value individuals” via LinkedIn messages
Open-source server monitoring tool, Nezha, is being exploited by attackers for remote system control
The backbone breaker benchmark (b3) has been launched to enhance the security of LLMs within AI agents
What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source community
North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages
Sonatype’s latest Open Source Malware Index report has identified more than 16,000 malicious open source packages, representing a 188% annual increase
The threat actor used a combination of open-source and publicly available tools to establish their attack framework
Malicious dbgpkg package on PyPI poses as a debugging utility but acts as a delivery mechanism for a stealthy backdoor
Alongside its new Meta AI app, Facebook’s parent company launched several new products to help secure open-source AI applications
Researchers warn that popular open source software package tj-actions has been compromised
OpenSSF has released new baseline security best practices to improve open source software quality