Endor Labs Reports Dramatic Increase in Open Source Malware, Organizations Struggle to Keep Up
Surge in Open Source Malware: A Growing Concern for Organizations
A recent report from Endor Labs reveals a sharp rise in malware incidents across open source software ecosystems, pointing to a significant shift in security dynamics. Over 90% of malware advisories concerning open source software (OSS) were reported in 2025, a 14-fold increase over the preceding two years. This trend underscores the changing landscape of threats that organizations must navigate.
The report indicates that 92% of npm account takeovers, in which trusted maintainers of open source projects are compromised, also occurred last year. Despite the high stakes and widespread acknowledgment of the threat, many organizations struggle to adapt their security measures effectively. While 81% of organizations consider OSS malware a top priority, only 21% have implemented protective measures such as cooldown periods, leaving a gap that attackers can exploit.
Key findings from the research, which surveyed over 600 IT professionals globally and analyzed OSV and npm data, suggest that organizations still view OSS malware incidents in isolation rather than as part of a larger, coordinated security risk. Although 88% of respondents acknowledge that risk is elevated in the days immediately following a package release, few organizations are taking decisive action. This inaction leaves their environments exposed to attackers who increasingly focus on hijacking trusted packages.
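To make the cooldown control referenced above concrete, the following is an added example (not from the report or from Endor Labs) that evaluates the publish timestamps an npm registry returns for a package against a cooldown window and holds back any version that is still too new. The package name, version timestamps and the "current time" are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed registry metadata ("packument" fragment). The registry's `time`
# object maps each published version to its publish timestamp, alongside the
# bookkeeping keys `created` and `modified`. Package name is hypothetical.
SAMPLE_PACKUMENT = {
    "name": "example-pkg",
    "dist-tags": {"latest": "2.4.0"},
    "time": {
        "created": "2024-01-10T12:00:00.000Z",
        "modified": "2025-06-02T09:30:00.000Z",
        "2.3.0": "2025-03-15T08:00:00.000Z",
        "2.3.1": "2025-05-20T14:45:00.000Z",
        "2.4.0-beta.1": "2025-05-30T10:00:00.000Z",
        "2.4.0": "2025-06-02T09:30:00.000Z",  # published hours ago: inside cooldown
    },
}

def parse_ts(ts: str) -> datetime:
    # Registry timestamps are ISO 8601 with a trailing "Z"; normalise to aware UTC.
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)

def version_key(v: str):
    # Numeric ordering of MAJOR.MINOR.PATCH; a release sorts after its own prereleases.
    core, _, pre = v.partition("-")
    return (tuple(int(p) for p in core.split(".")), pre == "", pre)

def eligible_versions(packument: dict, now: datetime, cooldown_days: int) -> list:
    """Versions whose publish time is at least `cooldown_days` before `now`, oldest first."""
    cutoff = now - timedelta(days=cooldown_days)
    aged = [
        ver for ver, ts in packument["time"].items()
        if ver not in ("created", "modified") and parse_ts(ts) <= cutoff
    ]
    return sorted(aged, key=version_key)

def pick_version(packument: dict, now: datetime, cooldown_days: int):
    """Return (version, reason): `latest` if it has aged, else the newest aged version, else None."""
    latest = packument["dist-tags"]["latest"]
    aged = eligible_versions(packument, now, cooldown_days)
    if latest in aged:
        return latest, "latest is past the cooldown"
    if aged:
        return aged[-1], f"latest {latest} is inside the {cooldown_days}-day cooldown; holding at {aged[-1]}"
    return None, "no published version has aged past the cooldown"

if __name__ == "__main__":
    now = datetime(2025, 6, 2, 18, 0, tzinfo=timezone.utc)  # constructed "current" time
    print(pick_version(SAMPLE_PACKUMENT, now, cooldown_days=7))
```

npm's own `--before=<date>` install option applies the same idea natively by restricting resolution to versions published on or before that date.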
An Evolving Threat Landscape
The findings of the report indicate that malicious open source software is gaining traction and creating new security challenges. Cybercriminals are taking advantage of how quickly malicious OSS spreads, with advisories being issued faster than organizations can respond. Even a malicious version of a package that is live only briefly can be pulled into thousands of environments within hours.
Moreover, there remains a critical awareness-action gap. Organizations acknowledge the risks associated with OSS malware, yet fewer than half plan to boost their security budgets for the upcoming year. The limited enforcement of protective controls highlights a disconnect between the recognition of risk and actionable measures to mitigate it.
Structural weaknesses persist as well. Many compromised packages remain downloadable even after they have been flagged. Notably, just 14% of previously compromised npm packages have adopted stronger publishing controls such as Trusted Publishing. Fragmented responsibility across teams further raises the risk of exposure, making it imperative for organizations to unify their approach to security.
A Call for Comprehensive Security Strategies
Varun Badhwar, CEO of Endor Labs, emphasizes the urgency of developing more effective security measures. He states, "Most application security programs were constructed around vulnerability management rather than detecting malware in the software supply chain. Attackers are leveraging AI coding agents and other new pathways to gain access, and we're witnessing an uptick in malware targeting these systems in open source ecosystems."
Badhwar goes on to warn that unless organizations adopt a coordinated, cross-functional approach to addressing these security challenges, even the most robust controls may prove ineffective.
As the gap between the pace of attacker innovation and the speed of organizational response widens, it becomes increasingly important for teams to implement a thorough, integrated security strategy. Rather than responding to incidents in isolation, organizations must treat malware threats as coordinated attacks in order to fortify their software supply chains against current and future risks.
For organizations looking to enhance their security posture, the full report, “Malware in Open Source Ecosystems,” is a valuable resource that provides actionable insights for safeguarding against potential risks associated with open source software.
Conclusion
In light of the findings from Endor Labs, it is evident that addressing malware in open source ecosystems requires significant strategic shifts. With evolving threats demanding adaptive and comprehensive security measures, organizations must rise to the challenge by fostering a culture of continuous awareness and proactive prevention. Visit Endor Labs for further insights on secure OSS practices.