Kaspersky Reports 37% Rise in Supply Chain Attacks

Global cybersecurity company Kaspersky has reported a 37% increase in malicious software packages affecting open-source supply chains worldwide, highlighting a growing threat to modern software development ecosystems.
According to Kaspersky telemetry, nearly 19,500 malicious packages had been identified in open-source projects by the end of 2025, a 37% increase over the previous year. The findings underline the rising risks associated with software supply chain attacks, now considered one of the most prevalent cyber threats facing organizations globally.
Rising Threats in Open-Source Software Supply Chains
Modern software development relies heavily on open-source components. However, this dependency also increases exposure to malicious code hidden within widely used libraries and tools, which can compromise entire digital infrastructures.
Kaspersky’s latest global study identifies supply chain attacks as the leading cybersecurity threat over the past year, driven by increasingly sophisticated targeting of trusted software ecosystems.

High-Profile Supply Chain Cyberattacks
Kaspersky highlighted several major incidents demonstrating the scale and impact of these attacks:
CPU-Z and HWMonitor compromise (April 2026):
Official websites for popular hardware monitoring tools were breached, distributing malware-laced installers for approximately 19 hours. More than 150 victims were identified across multiple countries, affecting sectors including retail, manufacturing, telecom, and consulting.
Axios JavaScript library attack (March 2026):
Attackers hijacked a maintainer account and released compromised package versions containing a malicious dependency that deployed a cross-platform remote access trojan (RAT) across Windows, macOS, and Linux systems.
Notepad++ supply chain breach (February 2026):
Infrastructure compromise exposed multiple infection chains targeting organizations in government, finance, and IT services across several countries, demonstrating the global reach of supply chain compromises.
Expert Insight on Supply Chain Security Risks
Commenting on the findings, Dmitry Galov, Head of Kaspersky GReAT Russia and CIS, noted that supply chain attacks have affected a significant portion of enterprises globally.
He emphasized that while 31% of enterprises report being impacted by such attacks, open-source ecosystems are not inherently less secure than proprietary systems. In some cases, open-source communities are able to detect and patch vulnerabilities more quickly due to collaborative monitoring.
“Completely eliminating risk is impossible, but it can be significantly reduced through continuous monitoring, threat intelligence, and automated security tools,” Galov said.