Press Release

Endor Labs Finds Malware in Open Source Ecosystems Surges 14x in Two Years as Organizations Struggle to Respond

More than 90% of the malware advisories in the Open Source Vulnerability (OSV) database and 92% of recorded npm account takeovers occurred in 2025, yet fewer than a quarter of organizations enforce protections

PALO ALTO, Calif., April 1, 2026 /PRNewswire/ — Malware in open source software is no longer a fringe threat; it is accelerating at an unprecedented rate. More than 90% of all malware advisories in the Open Source Vulnerability (OSV) database were published in 2025 alone, a 14x increase over the past two years, and 92% of recorded npm account takeovers, in which the accounts of maintainers of trusted open source software (OSS) projects are compromised, also occurred last year. Despite widespread recognition of the threat, with 81% of organizations naming OSS malware a top security priority, only 21% enforce protections such as cooldown periods (holding back a newly published package version until it has been public for a set number of days), leaving attackers a widening window to exploit the software supply chain, according to new research from Endor Labs.

Published today, Endor Labs’ report, “Malware in Open Source Ecosystems,” is based on a survey of more than 600 global IT professionals combined with OSV and npm data. It finds that organizations treat OSS malware as a series of isolated incidents rather than as a coordinated security challenge. Most understand the urgency: 88% say the first few days after a package release are the riskiest. Few take effective action, however, leaving their environments open to attackers who are increasingly hijacking trusted packages.

Key findings reveal:

  • A new attack surface hidden in plain sight: Malicious OSS surged in 2025, with advisories issued faster than organizations can respond. Even short-lived malicious versions can be automatically pulled into thousands of environments within hours.
  • The awareness-action gap: Organizations understand the risk, yet fewer than half plan to increase budgets for 2026. Limited enforcement of cooldown periods and protective controls means a disconnect persists between knowledge and action.
  • Structural vulnerabilities: Many compromised packages remain downloadable even after being reported. Only 14% of previously compromised npm packages use modern security controls like Trusted Publishing. Fragmented responsibility across teams further increases exposure.
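The cooldown control referred to above is simple to state but rarely enforced: refuse to install any package version that has been public for less than a minimum number of days, so that a malicious version pushed from a hijacked maintainer account is usually reported and pulled before it reaches a build. The following is an added example, not code from Endor Labs or from the report, showing such a gate in Python. The shape of the `time` object it reads is the one the npm registry returns for a package document, but the package names, versions and timestamps are constructed for this example, and the reference instant is fixed so the output is deterministic.

```python
from datetime import datetime, timedelta, timezone

# Minimum age (in days) a version must have before the gate allows it.
COOLDOWN_DAYS = 7

# Constructed sample of the "time" object in an npm registry package document
# (registry.npmjs.org/<package>): each published version maps to its publish
# timestamp, alongside the "created" and "modified" bookkeeping keys.
# Package names, versions and dates here are made up for this example.
SAMPLE_REGISTRY_TIME = {
    "example-lib": {
        "created": "2024-03-01T10:00:00.000Z",
        "1.4.2": "2025-11-03T09:12:44.000Z",
        "1.4.3": "2026-03-30T21:48:10.000Z",  # published ~2 days before NOW
        "modified": "2026-03-30T21:48:10.000Z",
    },
    "other-tool": {
        "created": "2023-06-10T08:00:00.000Z",
        "3.0.0": "2025-09-15T13:00:00.000Z",
        "modified": "2025-09-15T13:00:00.000Z",
    },
}

# Constructed resolved versions, as a lockfile would pin them.
SAMPLE_LOCK = {"example-lib": "1.4.3", "other-tool": "3.0.0"}

# Fixed reference instant (assumption) so the example is reproducible.
NOW = datetime(2026, 4, 1, 12, 0, tzinfo=timezone.utc)


def parse_npm_time(stamp: str) -> datetime:
    """npm timestamps are ISO-8601 with a trailing 'Z'; return a tz-aware datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def version_age(time_map, version, now=NOW):
    """Age of `version` as a timedelta, or None when the registry has no publish time.

    A missing timestamp is a failure, not a pass: the gate refuses what it cannot date.
    """
    stamp = time_map.get(version)
    if stamp is None:
        return None
    return now - parse_npm_time(stamp)


def check_cooldown(lock, registry_time, cooldown_days=COOLDOWN_DAYS, now=NOW):
    """Return {package: reason} for every pinned version that fails the cooldown gate."""
    min_age = timedelta(days=cooldown_days)
    failures = {}
    for name, version in lock.items():
        age = version_age(registry_time.get(name, {}), version, now)
        if age is None:
            failures[name] = f"{version}: no publish timestamp in registry metadata"
        elif age < min_age:
            failures[name] = (f"{version}: published {age.days} day(s) ago, "
                              f"younger than the {cooldown_days}-day cooldown")
    return failures


def latest_cooled_version(time_map, cooldown_days=COOLDOWN_DAYS, now=NOW):
    """Most recently published version that already satisfies the cooldown.

    Ordered by publish time rather than semver, which is what a cooldown cares about.
    """
    min_age = timedelta(days=cooldown_days)
    candidates = [v for v in time_map if v not in ("created", "modified")
                  and now - parse_npm_time(time_map[v]) >= min_age]
    return max(candidates, key=lambda v: parse_npm_time(time_map[v]), default=None)


if __name__ == "__main__":
    blocked = check_cooldown(SAMPLE_LOCK, SAMPLE_REGISTRY_TIME)
    for name, reason in blocked.items():
        print(f"BLOCK {name}@{reason}")
        fallback = latest_cooled_version(SAMPLE_REGISTRY_TIME[name])
        print(f"  newest version old enough to install: {fallback}")
    if not blocked:
        print("all pinned versions satisfy the cooldown")
```

In a real pipeline the `time` map comes from a registry fetch of the package document and the lock map from the project's lockfile; the gate runs before `npm install` in CI and fails the build on any entry in the returned dict. Dependency-update tooling already exposes the same idea as a setting (Renovate's `minimumReleaseAge`, for instance), and a version that was unpublished after being reported will simply be absent from `time`, which this gate treats as a block rather than a pass.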

“Most application security programs were built around vulnerability management, not to detect malware in the software supply chain. Attackers understand this. AI coding agents, MCP servers, and model dependencies are creating new entry points, and we’re already seeing an uptick in malware in open source ecosystems targeting AI coding agents,” said Varun Badhwar, CEO of Endor Labs. “The gap between how fast attackers move and how fast organizations respond is widening, and without a coordinated, cross-functional approach, even strong controls fail in practice.”

Effective mitigation requires treating malware as a coordinated program rather than a series of isolated incidents. The full Malware in Open Source Ecosystems report, with actionable guidance on securing an open source supply chain, is available for download from Endor Labs.

Research Methodology
Endor Labs’ research draws on a survey of more than 600 IT professionals across DevOps, Security, and Software Engineering roles at global organizations with 100+ employees. It is complemented by technical analysis of the Open Source Vulnerability (OSV) database and npm package metadata, including trends in account takeovers and adoption of security controls such as Trusted Publishing and attestations. The survey was conducted at a 95% confidence level with a ±4% margin of error.

About Endor Labs
Endor Labs is the agentic application security platform for teams that refuse to compromise between speed and security. It helps teams identify, prioritize, and fix the vulnerabilities across source code, open-source dependencies, and container images. With deep program analysis, automated remediation, and unmatched coverage, Endor Labs empowers modern engineering and security teams to move fast without compromise.

Media Contact
Rebecca Reese
[email protected]

View original content: https://www.prnewswire.com/news-releases/endor-labs-finds-malware-in-open-source-ecosystems-surges-14x-in-two-years-as-organizations-struggle-to-respond-302730716.html

SOURCE Endor Labs