Sonatype detected and logged 107 malicious components attributed to the Lazarus Group, a North Korea-linked Advanced Persistent Threat (APT), across both npm and PyPI in late Q2 2025.
July 8, 2025
Get the latest cybersecurity stats delivered to your inbox every week
Browse more stats from Sonatype or explore Open source
Join 1,000+ security professionals getting weekly insights