Webinar | April 14, 2026 11:00 AM EDT

The Evolution of Open Source Malware


In 2025, over 454,600 new malicious packages were identified, bringing the total to over 1.233 million across npm, PyPI, Maven Central, NuGet, and Hugging Face. Over 99% of these threats targeted npm, with attackers engineering sophisticated, multi-stage payload chains that exploit how modern software is built and shipped.

Join us for an exclusive webinar featuring the authors of the 2026 State of the Software Supply Chain Report (SSCR) as they unpack last year's malware landscape and discuss what we'll see in 2026. From the first-ever self-replicating npm malware to the rise of AI-driven threats, this session will explore the cutting-edge tactics used by malicious actors and provide actionable insights to safeguard your development pipelines.

What You'll Learn:

  • How state-linked entities like the Lazarus Group are advancing from simple droppers to five-stage payload chains, targeting developers and build environments.

  • The emergence of self-replicating malware, such as Shai-Hulud, which autonomously propagates across open source ecosystems.

  • How open source malware turns software developers into the attack vector in order to infiltrate developer machines.

  • Strategies to protect your organization against the next frontier of software supply chain attacks.

Secure your software supply chain. Gain expert strategies to outsmart attackers and protect your development pipelines.

Explore the latest open source and AI trends in the 2026 State of the Software Supply Chain Report.

Featured Speaker

Meredith Eisen

Director of Product Management