open-source security

Supply chain security company Sonatype has released the Q2 2025 edition of its Open Source Malware Index, uncovering 16,279 malicious open source packages across major ecosystem.

This brings the total number of open-source malware packages Sonatype has discovered to 845,204. Compared to the end of the same quarter last year, the total volume of malware logged by Sonatype has surged 188 percent, underscoring the growing sophistication and scale of attacks aimed at developers, software teams, and CI/CD pipelines.

Kali Linux's latest release, version 2024.2, incorporates crucial updates and new community-contributed packages. Despite a slight delay due to extensive under-the-hood enhancements, the Kali team is excited to announce that version 2024.2 is now available for download or upgrade.

1. The t64 Transition: Securing Future Compatibility
The 2024.2 release introduces the t64 transition, an essential shift to 64-bit time_t types on supported 32-bit ARM architectures, safeguarding against the Year 2038 problem. This change ensures that Kali Linux remains a robust platform for future technologies and challenges.

In a recent security announcement, Red Hat’s Information Risk and Security and Product Security teams have identified a critical vulnerability in the latest versions of the “xz” compression tools and libraries. The affected versions, 5.6.0 and 5.6.1, contain malicious code that could potentially allow unauthorized access to systems. Fedora Linux 40 users and those using Fedora Rawhide, the development distribution for future Fedora builds, are at risk.

The vulnerability, designated CVE-2024-3094, impacts users who have updated to the compromised versions of the xz libraries. Red Hat urges all Fedora Rawhide users to immediately cease using the distribution for both work and personal activities until the issue is resolved. Plans are underway to revert Fedora Rawhide to the safer xz-5.4.x version, after which it will be safe to redeploy Fedora Rawhide instances.