Techno Time

Kaspersky Reports 37% Surge in Malicious Open-Source Packages; Supply Chain Attacks Hit 31% of Enterprises

Thursday 30 April 2026 10:41

New telemetry data from Kaspersky reveals an alarming escalation in supply chain threats, with malicious packages in open-source projects reaching 19,500 by late 2025, a 37% year-on-year increase. The report underscores that as modern software development leans heavily on open-source components, attackers are increasingly embedding hidden threats to exploit the trust within these ecosystems. According to a global study by Kaspersky, supply chain attacks have become the most prevalent threat, impacting 31% of organizations worldwide over the past 12 months.

The report highlighted high-profile breaches occurring as recently as April 2026, including the compromise of the official websites for CPU-Z and HWMonitor. During a 19-hour window, authentic installers were replaced with malware-laden versions, affecting users across the retail, manufacturing, and telecommunications sectors. Additionally, the widely used Axios library was compromised in March 2026 after attackers hijacked a maintainer's account to publish malicious versions (1.14.1 and 0.30.4). Kaspersky's Global Research and Analysis Team (GReAT) warns that these incidents signify a "new normal" in which the software building blocks themselves are the primary weapon.
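The practical follow-up to an advisory like the Axios one is to check whether any copy of the named versions is pinned anywhere in a project's dependency tree, including transitive copies nested under other packages. The script below is an added example written for this article; it is not Kaspersky's or the Axios project's code. It assumes an npm `package-lock.json` in either the v1 layout (nested `dependencies`) or the v2/v3 layout (flat `packages` keyed by `node_modules` path), and the only "compromised" entries it knows are the two Axios versions the article names; the sample lockfile it scans is constructed inline.

```javascript
// Added example: scan a parsed npm lockfile for package versions named as
// compromised. Assumes package-lock.json v1 (nested "dependencies") or
// v2/v3 (flat "packages" keyed by node_modules path). Not vendor code.

// Advisory list built only from the versions the article names; in practice
// this would be fed from an advisory database rather than hard-coded.
const COMPROMISED = {
  axios: new Set(['1.14.1', '0.30.4']),
};

// Turn a v2/v3 "packages" key such as "node_modules/sdk/node_modules/axios"
// into the package name ("axios"). Scoped names like "@scope/pkg" keep
// their scope because only the last "node_modules/" prefix is stripped.
function nameFromPath(key) {
  const marker = 'node_modules/';
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Recursively walk a v1-style nested "dependencies" object, recording each
// package with a node_modules-style path so both formats report alike.
function collectV1(deps, prefix, out) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    out.push({ name, version: info.version, path });
    collectV1(info.dependencies, `${path}/`, out);
  }
}

// Return every { name, version, path } entry found in a parsed lockfile.
function collectPackages(lock) {
  const out = [];
  if (lock.packages) {
    for (const [key, info] of Object.entries(lock.packages)) {
      if (key === '') continue; // the root project itself, not a dependency
      out.push({ name: nameFromPath(key), version: info.version, path: key });
    }
  } else {
    collectV1(lock.dependencies, '', out);
  }
  return out;
}

// Return the entries whose (name, version) pair is on the compromised list.
function findCompromised(lock, list = COMPROMISED) {
  return collectPackages(lock).filter(
    (p) => list[p.name] !== undefined && list[p.name].has(p.version)
  );
}

// Human-readable report lines, one per hit (empty array means clean).
function report(lock, list = COMPROMISED) {
  return findCompromised(lock, list).map(
    (h) => `COMPROMISED ${h.name}@${h.version} at ${h.path}`
  );
}

// Constructed sample lockfile (v3): a clean top-level axios plus a
// transitive copy pinned to one of the versions named in the article.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/axios': { version: '1.7.9' },
    'node_modules/some-sdk': { version: '2.0.0' },
    'node_modules/some-sdk/node_modules/axios': { version: '1.14.1' },
  },
};

console.log(report(SAMPLE_LOCK).join('\n') || 'no compromised versions found');
```

The point of walking the whole tree rather than just the top-level `package.json` is that a pinned transitive copy, as in the sample, is exactly what a quick `npm ls axios` at the project root can overlook when the direct dependency is already on a clean version.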