Open-source attacks move through normal development workflows

Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine point of entry for attackers, with malicious activity blending into normal build and deployment processes. A recent ReversingLabs study documents how these conditions played out across open source ecosystems during 2025, with attackers leaning on scale, trust, and automation to spread malware and harvest credentials. Share of 2025 open-source …