Open source supply chain attacks are on the rise. What can businesses do to protect themselves?
Open source technology offers benefits such as flexibility and lower costs, but it’s difficult to ignore the growing risks.
In September 2025, Shai-Hulud, the first ever registry-native worm malware, saw attackers compromise npm, the world's largest software registry and the default package manager for the Node.js runtime environment.
Shai-Hulud spread through a cascading compromise of npm accounts, inserting malicious code into legitimate public and private npm packages belonging to developers.
Then in November, the worm returned with the Shai-Hulud 2.0 campaign, super-charging its predecessor with more automation, faster propagation and a broader target set.
Over the two campaigns, Shai-Hulud compromised more than 1,000 npm packages as part of a larger outbreak that exposed an estimated 25,000 GitHub repositories, according to a report by ReversingLabs.
Overall, malicious package insertions have surged over the past year, with 10,819 malicious npm packages in 2025 – more than double the previous year, the report found. The report identified a significant spike in threats, with cybercriminals and state-sponsored adversaries attacking open source and commercial software supply chains, as well as AI development pipelines.
The Shai-Hulud worm is the “clearest warning shot” of the risks posed by open source, says Bharat Mistry, field CTO at Trend Micro. It infiltrated nearly 1,000 widely-used modules, including high traffic packages such as ctrl/tinycolor, which ships millions of downloads a week.
“From there, attackers fanned out across npm, Go, PyPI, and NuGet, pushing typosquats, poisoned updates and backdoored libraries that stayed active long after maintainers tried to remove them.”
Supply Chain Weakness
Over the past year, most of the major open source incidents have come from software supply chain weaknesses, particularly malicious or compromised open source packages, says Katie Barnett, director of cybersecurity, Toro Solutions.
“Attackers have repeatedly uploaded libraries to repositories such as npm and its Python equivalent PyPI, which look legitimate but contain credential-stealing or backdoor functionality. Because many organisations automatically pull dependencies into their builds, a single malicious package can spread widely before it is noticed.”
There have also been several cases involving compromised build and automation tooling, for example Continuous Integration/Continuous Deployment (CI/CD) workflows: the automated DevOps pipelines that allow developers to frequently merge, build, test and release code changes.
“When attackers gain access to these environments, they can extract API keys, access tokens and cloud credentials, which can then be used to move further into corporate systems without needing to exploit a traditional vulnerability,” Barnett tells SC Media UK.
At the same time, adversaries are exploiting structural weaknesses in open source maintenance. “Many critical components are maintained by individuals or very small teams who update infrequently and may lack strong identity protections such as multi-factor authentication,” says Joshua Wright, fellow at SANS Institute.
As a result, compromising a maintainer account can be easier than breaching a well-defended enterprise network, he warns.
Evolving Threat
The open source threat is evolving quickly. The threat sophistication is simultaneously becoming more widespread – like the Shai-Hulud attack – and more targeted – as seen in the recent attack on Notepad++, says Andrew Martin, CEO at security consultancy Control Plane and CISO for OpenUK. “In the Notepad++ case, the distribution of updates was compromised by a nation-state attacker, but only for a very specific and targeted set of users, who were redirected to download the malicious package.”
Open source weaponisation has “become faster, more sophisticated and less predictable” than a year ago, says Jonas Rosland, director of open source programs at Sysdig. He describes how attackers are increasingly using AI to automate the entire attack lifecycle. “Vulnerability discovery, exploitation and lateral movement are happening at speeds that would have seemed impossible just months ago.”
Rod Cope, CTO at Perforce and founder of Open Logic, concurs. “With everyone having access to open source and also to AI, anyone can launch thousands of attacks simultaneously.”
For example, in supply chain attacks, an adversary can instruct AI to create several fake websites that look like real ones. “They can add in malware or viruses, and then automatically send out large volumes of messages to persuade people to visit those websites and download content,” says Cope.
At Risk Businesses
It’s estimated that 96% of software produced today relies on open source, so the risk impacts most businesses.
Technology firms, financial institutions, healthcare organisations, manufacturers and cloud providers are all impacted – particularly those with rapid development cycles and automated build pipelines, says Ed Skoudis, president and fellow at SANS Institute.
However, slower moving organisations are not immune, as deeply embedded dependencies can “persist unnoticed for years,” he warns.
Organisations with weak governance, limited visibility into their software supply chain or inconsistent patching practices are “highly exposed,” because “unmanaged dependencies and slow remediation create easy entry points,” says Mistry.
Taking this into account, the most important mitigation is understanding, says Martin. “You need to understand what open source you’re consuming and where it’s used. Then you can ensure each dependency is proactively kept up-to-date and triaged appropriately when the next vulnerability is found.”
Maintainers of open source projects are also starting to advertise the security of their projects, says Martin. “When maintainers adopt technologies like OpenSSF’s Scorecard or the best practices from Security Baseline, they harden their project against many of the most common attacks,” he advises.
It’s important to “be sceptical” and “to have rigorous code review processes in place”, says Cope. Meanwhile, he advises ensuring senior people “spend more time verifying code quality” and “directing and guiding the work of both junior human and AI colleagues.”
It is equally key to secure development and build environments by limiting permissions, using short-lived credentials, applying the principle of least privilege to service and development accounts and monitoring for unusual activity – such as unexpected changes to build scripts or unexplained outbound connections, says Barnett.
As compromised supply chains continue to pose a growing risk, organisations should avoid treating external updates as automatically trusted, says Barnett. “Pinning dependencies to approved versions, scanning packages before integration and using internal repositories or mirrors instead of pulling code directly from public registries can significantly reduce supply chain exposure.”
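The pinning and internal-mirror advice above can be enforced as a build gate. The following Node.js check is an added example, not code from this article or from any project it mentions: it reads a package.json and a package-lock.json (lockfileVersion 2 or 3) and reports dependencies that are not pinned to an exact version, packages that resolve outside an internal mirror or lack an integrity hash, and packages that declare install-time scripts without being allowlisted. The mirror URL, the allowlist, the package names and the choice to treat install scripts as a review trigger are assumptions of this example.

```javascript
// Added example: audit package.json + package-lock.json (lockfileVersion 2/3).
// The mirror URL, allowlist and package names are hypothetical placeholders.
const POLICY = {
  registry: "https://npm.mirror.example.internal/", // assumed internal mirror
  installScriptAllowlist: new Set(["demo-native"]), // reviewed, may run install scripts
};
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

function auditDependencies(manifest, lock, policy = POLICY) {
  const findings = [];
  // 1. Direct dependencies must name one exact version, not a range or tag.
  for (const field of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (!EXACT_VERSION.test(spec)) findings.push({ rule: "unpinned", name, detail: spec });
    }
  }
  // 2. Every locked package (root, workspace folders/links and bundled copies
  //    aside) must resolve to the mirror, carry an integrity hash, and declare
  //    install-time scripts only if allowlisted.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.includes("node_modules/") || entry.link || entry.inBundle) continue;
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    if (!(entry.resolved || "").startsWith(policy.registry)) {
      findings.push({ rule: "external-source", name, detail: entry.resolved || "(none)" });
    }
    if (!entry.integrity) findings.push({ rule: "no-integrity", name, detail: entry.version });
    if (entry.hasInstallScript && !policy.installScriptAllowlist.has(name)) {
      findings.push({ rule: "install-script", name, detail: entry.version });
    }
  }
  return findings;
}

// Constructed sample input, not taken from any real project.
const sampleManifest = {
  dependencies: { "demo-pad": "1.3.0", "demo-colors": "^4.1.0" },
  devDependencies: { "demo-native": "0.21.5" },
};
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/demo-pad": { version: "1.3.0", integrity: "sha512-CONSTRUCTED",
    resolved: "https://npm.mirror.example.internal/demo-pad/-/demo-pad-1.3.0.tgz" },
  "node_modules/demo-colors": { version: "4.1.2", integrity: "sha512-CONSTRUCTED",
    hasInstallScript: true,
    resolved: "https://registry.npmjs.org/demo-colors/-/demo-colors-4.1.2.tgz" },
  "node_modules/demo-native": { version: "0.21.5", integrity: "sha512-CONSTRUCTED",
    hasInstallScript: true,
    resolved: "https://npm.mirror.example.internal/demo-native/-/demo-native-0.21.5.tgz" },
  "node_modules/demo-pad/node_modules/@demo/util": { version: "2.0.0" },
} };
console.log(auditDependencies(sampleManifest, sampleLock));
```

Run in CI against the real files by parsing them with JSON.parse and failing the build when the returned list is non-empty.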
Written by
Kate O'Flaherty
Cybersecurity and privacy journalist