
Open Source Malware Soars By 156%
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
In a Rush? Here are the Quick Facts!
- Open source malware increased by 156% over the past year.
- 80% of application dependencies remain un-upgraded for over a year.
- Projects with paid support resolve vulnerabilities up to 45% faster than others.
Sonatype announced on Thursday its 10th Annual State of the Software Supply Chain Report, revealing a staggering 156% increase in open source malware in the past year, alongside a record 6.6 trillion downloads of open source software.
The findings underscore the growing risks associated with software supply chains, which are becoming increasingly vulnerable as open source consumption accelerates.
The report, grounded in data from over 7 million open source projects, highlights a remarkable 80% increase in Python package requests and a 70% rise in JavaScript downloads, indicating a significant surge in software consumption.
However, this surge is accompanied by a troubling proliferation of malicious packages, with 704,102 identified since 2019. Notably, several critical vulnerabilities took over 500 days to remediate in 2024, revealing the backlog facing maintainers.
Consumer complacency exacerbates this issue; despite 99% of packages having updated versions available, 80% of application dependencies remain un-upgraded for over a year. Alarmingly, when vulnerable components are identified, 95% of the time, a fixed version already exists.
To combat these growing threats, Sonatype advocates for increased investment in open source projects.
The report reveals that open source projects with paid support are nearly three times more likely to have comprehensive security policies in place. Moreover, components with paid support resolve outstanding vulnerabilities up to 45% faster and generally have half the vulnerabilities overall.
The report also points to emerging regulations, such as the Network and Information Systems Directive (NIS2) in the EU, which are promoting Software Bill of Materials (SBOM) adoption.
“Over the last decade, we’ve seen software supply chain attacks increase in sophistication and frequency, particularly with the rise of open source malware,” said Brian Fox, CTO and Co-Founder at Sonatype.
“In order to ensure a vibrant and secure open source ecosystem for the decade ahead, we must build a foundation of proactive security with vigilance against open source malware, decreased consumer complacency, and comprehensive dependency management,” he added.
These challenges in the software supply chain reflect a broader trend in the cybersecurity landscape. A new report highlights that 66% of cybersecurity professionals find their roles more stressful than five years ago, largely due to an increasingly complex threat landscape, low budgets, and insufficiently trained staff.

Microsoft Introduces AI To Streamline Nursing Tasks And Boost Care Delivery
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
In a Rush? Here are the Quick Facts!
- Microsoft unveiled new healthcare innovations through its Microsoft Cloud for Healthcare platform.
- Microsoft Fabric improves healthcare data access, management, and analysis with a unified platform.
- AI-driven nursing workflow solution reduces documentation time, allowing nurses to focus on patients.
On Thursday, Microsoft announced several new innovations within its Microsoft Cloud for Healthcare platform, designed to improve care delivery, enhance collaboration, and provide healthcare workers with AI-driven tools.
One of the central components is a set of new healthcare AI models, which enable healthcare organizations to integrate and analyze a wide variety of data types, from medical imaging to genomics, allowing for more efficient deployment of AI solutions tailored to specific needs.
For example, MIT recently announced a new AI tool, ScribblePrompt, which speeds up medical image analysis and reduces annotation time by 28% compared to other models.
Additionally, a recent study found that an AI model achieved 98.71% accuracy in diagnosing diseases by analyzing patients’ tongues. It can detect conditions like diabetes, stroke, anemia, asthma, liver issues, COVID-19, and various vascular and gastrointestinal problems.
This approach is expected to drive progress in fields such as cancer research, where AI can offer insights that complement traditional diagnostic methods.
A significant development in this suite of updates is the AI-driven nursing workflow solution. This tool, created in collaboration with several healthcare institutions, automates the drafting of nursing documentation, which allows nurses to focus more on patient care rather than administrative tasks.
“With the World Health Organization (WHO) predicting a shortage of 4.5 million nurses by 2030, the urgency to deliver technology to support the nursing profession is felt more than ever,” the company noted.
Corey Miller, vice president of R&D at Epic, highlighted how this AI solution is transforming nursing workflows.
“AI is transforming nursing workflows by streamlining administrative tasks, allowing nurses to focus more on patient care,” he said. The tool uses ambient voice technology to populate patient assessments, reducing the time spent on documentation.
Terry McDonnell, senior vice president and chief nurse executive at Duke University Health System, added, “By automating tedious tasks, Microsoft’s ambient AI solution helps alleviate burnout.”
CNBC noted that according to a report from the Office of the Surgeon General, nurses spend up to 41% of their time on documentation.
Microsoft also introduced a new healthcare agent service to help healthcare organizations address challenges like staff shortages, rising costs, and high patient demands.
The healthcare agent service enables organizations to create their own AI-powered agents with reusable healthcare features and credible intelligence. The service supports various use cases, such as automating appointment scheduling and clinical trial matching, and allows plugin extensions for customization.
According to CNBC, many of the solutions Microsoft unveiled on Thursday are still in early development or available only in preview. Healthcare organizations will test and validate these tools before Microsoft releases them more widely. The company did not disclose the pricing for the new tools.