InfoSecBulletin Cybersecurity for mankind
Today, software supply chain security management company Lineaje, released a new report titled “What’s in Your Open-Source Software?” that found 82% of open-source software components are “inherently risky” due to a mix of vulnerabilities, security issues, code quality or maintainability concerns.
The report highlighted that while more than 70% of software in the enterprise is open source, these elements often aren’t tracked, maintained, updated or inventoried, leaving serious vulnerabilities in the software supply chain for threat actors to exploit.
(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points
1.6M fitness phone call recordings exposed online
Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days
Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials
Hacker Exploit Amazon SES to Send 50K Phishing Emails
SafePay Ransomware
SafePay Ransomware Attacks 73 Orgs in a Single Month
Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
ISC2 Aims to Bridge DFIR Skill Gap with New Certificate
Misconfig Server Exposed 378GB of Navy Federal Credit Union Files
This comes less than a week after CISA called for software vendors to take action to implement “secure-by-design” development processes to ship code that’s secure “out of the box.”
Lineaje also found significant risk among widely-used open-source solutions, analyzing the top 44 popular projects of the Apache Software Foundation and discovering that 68% of dependencies are from non-Apache Software Foundation open-source projects, many with opaque origin and update mechanisms.
“It’s imperative that organizations today understand that open-source software has risks and is tamperable, even if it is very popular or provided by an established brand,” said Javed Hasan, CEO and cofounder of Lineaje.
“With more software being assembled than built, it’s become more important than ever to have formal tools to discover software DNA. Developers do not have X-ray vision to see inside a software component they include nor are most open-source selectors security experts,” Hasan said.
Given that 64% of all vulnerabilities have no fixes available yet, and can’t be patched, the report echoes CISA’s call for organizations to be more proactive about managing open-source risk. It also recommends that organizations deploy supply chain management tools that have the ability to assess the dynamic inherent risk and integrity of individual dependencies and projects.
