ReversingLabs’ 2025 Software Supply Chain Security Report finds that security flaws in commercial and open source code are epidemic as hackers target supply chains including those for cryptocurrency and AI in a play for access to sensitive data and IT assets.
A newly discovered campaign pushing malicious open source software packages is designed to steal mnemonic phrases used to recover lost or destroyed crypto wallets, according to a report by ReversingLabs.
Amid a spike in attacks on software supply chains, GitGuardian launched HasMySecretLeaked.com, a site that allows developers and appsec teams to search for exposed secrets.
Researchers at Checkmarx say that a cybercriminal group, LofyGang, has targeted the open-source supply chain with hundreds of malicious packages to steal credit card information, stream accounts, and promote hacking tools.
