Over 4,400 packages discovered in Q2 2025 were specifically designed to steal sensitive information, including secrets, personally identifiable information (PII), credentials, and API tokens.
July 8, 2025
Get the latest cybersecurity stats delivered to your inbox every week
Browse more stats from Sonatype or explore Open source
Join 1,000+ security professionals getting weekly insights