Sonatype Reports 156% Increase in OSS Malicious Packages
A new Sonatype report reveals a 156% surge in open source malware, with over 704,102 malicious packages identified since 2019, as OSS adoption continues to skyrocket
Reports provide structured accounts of cyber incidents, vulnerabilities, and controls, helping readers assess security risks and responses.
Search across headline titles and summaries.
Background for this topic.
A report is a documented account of an event, investigation, assessment, or analysis, supported by evidence and presented for others to review. In information security, the term commonly covers incident findings, vulnerability research, threat-intelligence assessments, audit results, and surveys of security practices. A useful report states its scope, methods, evidence, timeframe, and level of confidence rather than presenting conclusions without context.
Reports help practitioners prioritize remediation, validate controls, and improve incident response, but their details require careful interpretation. A vulnerability report should identify affected versions, exploit conditions, and mitigation steps; an incident report should distinguish confirmed facts from assumptions and protect sensitive personal or investigative data. Threat reports may contain indicators of compromise that need verification before being used in detection systems. Reports used for compliance or executive decisions should preserve a clear evidence trail, since incomplete scope, outdated findings, or undisclosed conflicts can lead to misplaced security priorities.
A new Sonatype report reveals a 156% surge in open source malware, with over 704,102 malicious packages identified since 2019, as OSS adoption continues to skyrocket
Includes 72-Hour Incident Reporting Mandate That Went into Effect on Oct. 2General hospitals in New York State must now report cyber incidents to state regulators within 72 hours under new cybersecurity requirements that went into effect on Oct. 2. The hospitals have until next fall to comply with a long list of other security mandates, including appointing a CISO.
GAO: SSA Fails to Meet Industry and Federal Electronic Verification System GoalsThe Social Security Administration is facing criticism for failing to update its fraud prevention technology, leaving financial institutions and federal authorities at risk of missing synthetic identity scams, according to a new Government Accountability Office report.
Cyber Bill Says the Government Can't Use Information to Prosecute VictimsRansom payments are typically tightly held secrets between cybercriminals and their victims, but the Australian government has introduced a cybersecurity bill in Parliament that would require require larger businesses to report ransom payments to the government.
Crime Syndicates Too Powerful for Regional Governments to Police, UN Report WarnsCybercrime syndicates across Southeast Asia have teamed up with human traffickers, money launderers and cryptocurrency services to build an increasingly effective cybercrime ecosystem that can survive law enforcement crackdowns, according to a new United Nations report.
Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads
Tenable’s latest report reveals 38% of organizations face risks from a “toxic cloud triad” of security gaps
A UN report found that organized crime groups in the region have rapidly integrated malware, generative AI and deepfakes to enhance their fraud activities
The Chinese state-sponsored cyberattack threat managed to infiltrate the "lawful intercept" network connections that police use in criminal investigations.
Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.8% of global cyber events and losses, emphasizing the escalating