A new report from Sonatype identifies 21,764 malicious open source packages in the first quarter of the year, up 21 percent from the same period last year and bringing the total logged since 2017 to 1,346,867. The npm registry continues to be the target of most new malicious attacks, at 75 percent, seeing the equivalent of 46 malicious packages per day, with the quarter defined by credential theft, host reconnaissance, and staged payload delivery aimed at developer and CI/CD environments. Python package index PyPI saw 18 percent of total malware in Q1, with other registries significantly lower, suggesting that attackers…
Open source malware sees a 21 percent increase
The Hot Take: As Linux gains market share, it just puts a target on its back for compromise.