Stop Coding in the Dark: Bringing Real-Time Security to Agentic AI Development
The software supply chain has become the backbone of business, but with that reliance comes escalating risk. Attackers are moving faster than defenders, targeting not just production environments but the very tools and processes developers rely on every day.
Recent statistics underline the urgency:
API vulnerabilities rose 168% in 2025, with 91% of organisations reporting API-related security incidents. Misconfigured APIs now expose 10 billion records annually, making them the fastest-growing attack vector.
GitHub repositories remain a high-value target. With 35% of repos public, malicious actors exploit developer missteps to compromise projects upstream.
Self-hosted runners used in CI/CD pipelines are another weak link. Research shows 35% of enterprises leave themselves exposed to attacks that allow lateral movement across repositories and organisations.
For AI adoption and secure coding to scale among thousands of developers of all skill levels, the industry needs both tools and guardrails to work together at machine-speed. Agentic coding (using assistants like Cursor or Windsurf) has increased the risk of “blind trust” in AI-proposed code because LLMs often lack current threat intelligence.
Shifting Attacker Focus
The Q2 2025 vulnerability data reveals a telling pattern. Exploited software included remote access tools and document editing platforms, as well as low-code/no-code development tools and even frameworks for building AI-powered applications.
What’s striking is that the vulnerabilities weren’t found in AI-generated code itself but in the frameworks supporting it. As development technologies evolve, attackers follow — exploiting weaknesses wherever developers least expect them.
The Developer’s Blind Spot
Despite these trends, many organisations still rely on security checks late in the lifecycle — in CI/CD pipelines or after deployment. This leaves developers coding in the dark, unaware that the open-source components and dependencies they’re pulling in could already be vulnerable.
By the time an issue is flagged, code is often deeply integrated, making remediation costly, disruptive, and in some cases, too late.
This is the gap attackers exploit: the developer’s blind spot inside the IDE. ‘Blind Trust’ becomes a liability.
Security Where You Code
Closing that gap means moving security upstream, directly into the developer’s workflow. That’s where HEIDI, Meterian’s new free IDE plugin, comes in.
HEIDI integrates with Visual Studio Code and JetBrains IDEs, providing:
Automatic vulnerability scanning of open-source dependencies (direct and transitive).
One-click fixes, so developers can remediate issues instantly.
Lightweight reports with actionable insights — without leaving the IDE.
Privacy by design: no source code ever leaves the machine, only manifest files are scanned.
Built for operational resilience: now finding a vulnerability at the workbench is a “5-second fix,” preventing downstream disruption or a firm’s existential crisis.
By embedding this capability where code is actually written, HEIDI removes the guesswork and makes secure coding a natural part of the process. It transforms security from a late-stage barrier into an everyday guardrail.
Building Resilience From the Start
The rise of API exploitation, exposed GitHub repos, and vulnerable CI/CD runners clearly shows that attackers no longer wait for production. They strike wherever software is created, stored, or moved.
Organisations that want to stay ahead need to shift left — making vulnerability assessment and remediation part of the developer’s daily environment.
HEIDI makes this shift practical. It empowers developers to ship code that is secure from the start, reducing security debt, lowering patching costs, and protecting the supply chain before vulnerabilities can spread downstream.Stop coding in the dark. Arm your AI companion with the real-time security signals it’s been missing. Download HEIDI for free on the Visual Studio Code or JetBrains Marketplace today
The United Kingdom’s public sector is under increasing cyber pressure.
Government departments, healthcare systems, local councils, and public institutions now rely heavily on interconnected digital infrastructure. Much of that infrastructure was built years ago and still depends on ageing systems that are difficult to update, monitor, or secure properly.
At the same time, public sector software increasingly relies on open-source components. These dependencies help teams develop systems faster and reduce costs, but they also introduce software supply chain risk when vulnerabilities are not tracked or patched consistently.
Together, legacy infrastructure and unmanaged open-source dependencies are creating a difficult security environment. Attacks are becoming more disruptive, more expensive, and harder to contain.
Legacy Systems Remain Widespread Across the Public Sector
Legacy technology remains one of the biggest cyber security weaknesses inside UK public infrastructure.
The National Audit Office warned in 2025 that many government systems remain “high risk” due to age, unsupported software, and outdated architecture.
The UK government’s own Cyber Action Plan similarly acknowledged that some legacy systems cannot be defended effectively using modern security controls.
Many of these systems:
Were built decades ago
Cannot be patched easily
Depend on outdated software stacks
Lack compatibility with modern security tooling
Require specialist maintenance knowledge
Replacing these systems is difficult. Large public sector upgrades are expensive, operationally risky, and often slowed by procurement complexity.
As a result, vulnerable systems frequently remain active long after safer alternatives are available.
Why Legacy Systems Increase Cyber Risk
Older systems are easier targets for attackers because they often lack basic modern protections.
Many do not support strong identity controls, modern encryption standards, or real-time threat monitoring. Some are no longer supported by vendors, meaning newly discovered vulnerabilities may never receive official patches.
Legacy systems also create wider operational risk because they are rarely isolated. Most are connected to newer applications, databases, cloud environments, or third-party services.
That means a vulnerability in one outdated system can become an entry point into a much larger network.
The National Audit Office has warned that ageing systems increase the likelihood of successful attacks and make incident recovery more difficult once breaches occur.
Download Meterian’s 2026 Predictions EBook. Master the New Rules of Software Sovereignty to understand why traditional AppSec models are breaking down and how leadership teams can prepare.
Open-Source Software Adds Another Layer of Risk
Open-source software now powers most modern applications.
Public sector organisations use open-source frameworks, libraries, and packages across internal systems, citizen services, cloud applications, and third-party platforms.
The challenge is visibility.
Modern applications often contain hundreds or thousands of software dependencies, including transitive dependencies that developers may not even realise are present.
If organisations do not know which components exist inside their software, they cannot know which vulnerabilities affect them.
Research consistently shows that the majority of modern software contains open-source code. Many applications also contain known vulnerabilities that remain unresolved long after patches become available.
This is becoming a major concern for governments worldwide because vulnerable open-source components can spread risk across multiple systems at scale.
Want to see how vulnerable open-source dependencies can be identified earlier in development? TryHEIDI by Meterian, a free IDE plugin built to help developers find vulnerable packages and move to safer versions while they code.
The Log4j Problem Showed How Fast Risk Can Spread
The Log4j vulnerability remains one of the clearest examples of software supply chain risk.
Even years after the Log4Shell vulnerability was disclosed and patched, vulnerable versions continued appearing inside production systems worldwide.
Reports in 2025 showed that a significant percentage of Log4j downloads still contained vulnerable versions despite years of public awareness.
The issue was never simply the existence of the vulnerability itself. The larger problem was that many organisations did not know where Log4j existed inside their software stack.
This is the core software supply chain challenge facing public sector organisations today.
A single vulnerable dependency can quietly exist across government systems, suppliers, applications, and service providers without clear visibility.
Cyber Attacks Against Public Services Are Increasing
The cyber threat facing the UK public sector continues to intensify.
The National Cyber Security Centre reported a growing number of nationally significant cyber incidents in its latest annual review. State-backed threat actors, ransomware groups, and financially motivated attackers continue targeting public infrastructure because disruption creates immediate pressure.
Several recent incidents have shown how severe the consequences can become.
Healthcare Systems
The NHS has experienced repeated cyber incidents linked to outdated infrastructure and unpatched vulnerabilities.
These attacks disrupted services, delayed operations, and exposed sensitive patient information. Healthcare systems remain particularly vulnerable because they depend on large interconnected environments that are difficult to modernise quickly.
The British Library Attack
The cyber attack against the British Library became one of the UK’s clearest examples of how legacy technology can worsen the impact of a breach.
The incident caused major operational disruption and lengthy recovery efforts. Later analysis linked the severity of the attack partly to historic underinvestment in cyber resilience and ageing infrastructure.
Local Government Disruption
Local councils across the UK have also faced growing cyber pressure.
Attacks have disrupted housing systems, benefits administration, and citizen services. In some cases, organisations were forced to revert to manual processes while systems recovered.
For public services, cyber incidents quickly become operational problems rather than isolated IT failures.
Why This Is Becoming a National Resilience Issue
The combined effect of legacy systems and open-source vulnerabilities creates broader national risk.
These issues are interconnected.
A vulnerable open-source component inside a legacy environment can affect multiple public services simultaneously. Once attackers gain access, interconnected systems make lateral movement easier and containment harder.
The consequences can include:
Service disruption
Data breaches
High remediation costs
Operational downtime
Delayed digital transformation
Increased exposure to state-sponsored attacks
Public infrastructure now depends heavily on software resilience. When software supply chains become difficult to monitor, national resilience becomes harder to maintain.
What Needs to Change
The UK public sector does not need to stop using open-source software. That would be unrealistic and counterproductive.
The priority is visibility.
Public sector teams need to know which open-source components are inside their software, where vulnerable versions are being used, and which fixes are available. This needs to happen continuously, because new vulnerabilities emerge every day.
Security also needs to move closer to development. If vulnerable dependencies are only discovered late in CI/CD, or after deployment, remediation becomes slower and more expensive.
The strongest approach is to make dependency security part of the normal development workflow. Developers should be able to see vulnerable packages, understand the risk, and move to safer versions before code reaches production.
Conclusion
The UK public sector faces a layered cyber security problem.
Legacy systems create weak points. Unmanaged open-source dependencies add software supply chain risk. Together, they make public services more exposed to attacks that can disrupt operations, expose data, and damage national resilience.
Modernising public infrastructure will take time. But visibility over open-source risk can improve now.
Knowing what is inside public sector software is the first step toward protecting the services people rely on every day.
UK manufacturing is becoming more exposed to cyber disruption as factories rely on connected systems, industrial software, cloud platforms, and third-party suppliers.
Ransomware and denial-of-service attacks are among the most damaging threats. They can stop production, delay shipments, disrupt supply chains, and create direct financial losses.
For manufacturers, cyber risk now reaches far beyond IT systems. It affects uptime, safety, fulfilment, customer commitments, and business continuity.
UK Manufacturers Are Facing a Higher Level of Cyber Disruption
A 2026 ESET survey found that 78% of UK manufacturers experienced a cyber incident in the past year.
Among affected firms, 95% reported direct business impact, 53% suffered financial loss, 44% faced supply chain disruption, and 39% missed customer or supplier commitments. Some incidents caused losses above £250,000.
The wider UK picture is also concerning. The UK government’s Cyber Security Breaches Survey 2025 found that 43% of UK businesses experienced a cyber breach or attack in the previous 12 months. The figure rose to 67% for medium businesses and 74% for large businesses.
Manufacturing is especially exposed because downtime has an immediate cost. A locked system or unavailable application can quickly become a halted line, a missed order, or a broken supplier commitment.
Ransomware Remains the Primary Cyber Threat
Ransomware remains one of the most serious threats to UK organisations. The National Crime Agency describes ransomware deployment as the UK’s greatest cyber serious and organised crime threat, with risks to Critical National Infrastructure and national security.
A ransomware attack usually blocks access to systems or data until a payment is demanded. Modern ransomware campaigns often go further. Attackers may steal data, threaten to publish intellectual property, pressure suppliers, and use public disruption to force negotiations.
This is dangerous for manufacturers because production depends on availability. If planning systems, engineering files, logistics platforms, or connected production environments become unavailable, the impact can move quickly from digital systems into physical operations.
The Jaguar Land Rover cyber incident showed how severe that impact can become.
The Cyber Monitoring Centre categorised the 2025 JLR incident as a Category 3 systemic event, estimating a £1.9 billion UK financial impact and effects across more than 5,000 UK organisations.
Production lines were halted for several weeks, and suppliers faced cancelled or delayed orders. That case underlines the central point: a major cyber incident in manufacturing can become a supply chain event.
DDoS Attacks Can Stop Access to Critical Services
Denial-of-service attacks create disruption by overwhelming websites, applications, or networks. The Information Commissioner’s Office describes a DoS attack as an attempt to stop normal system function by overloading it and creating a virtual “traffic jam.”
In a distributed denial-of-service attack, the attacker uses many connected devices to flood the target from multiple points.
For manufacturers, DDoS risk is not limited to public websites. It can affect customer portals, supplier platforms, remote access systems, cloud dashboards, and connected industrial services.
UK government data shows denial-of-service attacks affected 15% of large businesses that experienced a cyber breach or attack, compared with 5% of businesses overall.
The practical impact is simple. If key systems are unavailable, production planning slows down, orders cannot be processed, suppliers lose visibility, and internal teams are forced into manual workarounds.
Why Manufacturing Is Especially Vulnerable
Manufacturing has a different risk profile from many office-based sectors.
Many firms still run legacy operational technology alongside newer digital systems. Older systems are often difficult to patch, hard to monitor, and expensive to replace. As IT and OT environments become more connected, weaknesses in one area can create exposure in another.
Manufacturers also depend on complex supplier networks. A vulnerability in a third-party system, open-source component, software update, or connected service can create risk across several organisations.
This makes software supply chain security critical. Modern manufacturing companies often use internal applications, vendor platforms, cloud services, containerised workloads, and open-source libraries.
Open source software makes up an estimated 80–90% of software application code, which means dependency risk is now part of operational resilience.
Attackers understand this. They do not always need to attack the factory floor directly. They can exploit exposed software, vulnerable dependencies, weak supplier access, or outdated components that sit inside the wider digital environment.
The Preparedness Gap
Many organisations still lack the right level of preparation.
The UK government’s Cyber Security Breaches Survey 2025 found that only 32% of businesses had a business continuity plan covering cyber security. For micro businesses, the figure was 27%.
That gap matters because prevention alone is not enough. Manufacturers need to know what software they use, which components are vulnerable, which systems are exposed, and how quickly they can recover when something goes wrong.
A strong cyber resilience plan should include:
Tested backup and recovery processes
Network segmentation between IT and OT systems
Regular vulnerability assessment
Software Bill of Materials visibility
Continuous monitoring of open-source components
Incident response planning
Clear supplier security expectations
Developer workflows that catch risks before release
Cyber Essentials, penetration testing, and annual reviews all have value. However, they cannot replace continuous visibility. New vulnerabilities are disclosed every day. A system that was safe last month may be exposed today.
Where Meterian and Cybersecurity Services Fit
Meterian helps organisations reduce software supply chain risk by giving security and engineering teams clearer visibility into open-source dependencies, vulnerable components, and remediation priorities.
Meterian-X provides continuous review of open-source libraries, risk prioritisation, actionable reporting, policy controls, and alerts that help teams fix issues earlier in the software development lifecycle.
For manufacturing businesses, this matters because software now supports production planning, supplier coordination, logistics, customer delivery, connected devices, and internal operations.
Meterian can help teams:
Identify vulnerable open-source components
Monitor dependencies continuously
Prioritise the most urgent risks
Generate clear reports for developers and security teams
Support governance and compliance workflows
Integrate security checks into DevSecOps pipelines
Scan application codebases and container images
Meterian’s HEIDI plugin also brings open-source vulnerability detection directly into the IDE. It helps developers catch and resolve vulnerable dependencies during the coding phase, before issues reach production systems.
That early visibility matters. The later a vulnerability is found, the more expensive and disruptive it becomes to fix.
Want to understand where open-source vulnerabilities may be hiding in your software supply chain? Use Meterian to scan your codebase, monitor dependencies continuously, and give your teams clear remediation paths before risk reaches production.
Building Cyber Resilience in UK Manufacturing
UK manufacturers cannot remove every cyber risk. They can reduce exposure, improve visibility, and make disruption less damaging.
That starts with treating software supply chain security as part of operational resilience. Manufacturers need to know which components they rely on, where vulnerabilities exist, and which fixes should come first.
The most resilient organisations will be those that connect security with engineering, operations, procurement, and risk management. Continuous scanning, dependency visibility, and fast remediation should become standard controls for any software-driven manufacturing environment.
Conclusion
Ransomware and DDoS attacks are now serious operational risks for UK manufacturing.
The sector depends on connected software, complex suppliers, and production systems that cannot afford prolonged downtime. Recent incidents show that a cyberattack can stop production, delay orders, expose sensitive data, and affect thousands of connected organisations.
Manufacturers need more than periodic testing and basic compliance. They need continuous visibility across the software systems that support their operations.
Meterian helps manufacturers strengthen that visibility by scanning codebases, monitoring open-source dependencies, prioritising vulnerabilities, and supporting DevSecOps workflows.
On November 24, 2025, a second wave of the “Shai-Hulud” npm supply-chain attack began spreading through the JavaScript ecosystem. Attackers compromised maintainer accounts, published trojanized versions of legitimate packages, and used them as a worm to steal credentials and propagate into more projects and organizations.
What happened (in plain terms)
Trusted packages were silently replaced with malicious updates. When developers or CI systems installed these versions, the malware ran automatically during install.
The malware steals secrets at scale. The payload hunts for npm/GitHub tokens and cloud credentials, then exfiltrates them to attacker-controlled repos.
This wave is more capable than September’s. Researchers observed improved execution (including the Bun runtime) and broader credential targeting, making infection faster and harder to spot.
High-profile vendors were hit. Packages tied to Zapier, ENS Domains, Postman, PostHog, AsyncAPI and others were compromised, showing the attackers can reach well-run projects—not just obscure libs.
Why this matters to your business
This is not a “developer problem.” It is a direct enterprise risk:
Credential theft = account takeover. If a compromised package was installed in your environment, assume tokens and keys on that machine (or CI runner) may be stolen. That can lead to cloud breaches, source-code theft, or ransomware-style follow-on attacks.
Supply chain blast radius is huge. npm packages are deeply nested in modern apps. One infected dependency can taint many internal services before anyone notices. The campaign has already spread into tens of thousands of GitHub repos.
Regulatory and reputational exposure. If attacker access leads to customer data loss or service disruption, you face incident-response costs, disclosure obligations, and trust damage.
Immediate actions (next 24–72 hours) for your engineering team
If your engineering team uses Node.js / npm anywhere:
Identify exposure.
Compare your dependency lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml) to the known malicious package/version list from current advisories
Search CI logs and build images for installs of those versions around Nov 24, 2025 onward.
If you are using Meterian, your teams will be notified tomorrow of any outstanding issue in your projects, while you can also manually trigger a rescan
Treat potentially affected environments as compromised.
Rotate all secrets that could have been accessible to developer machines or CI runners: npm tokens, GitHub tokens, cloud keys, DB creds, SaaS API keys.
Re-issue creds from a clean machine.
Hunt for persistence.
Check for unexpected GitHub Actions / CI workflows, new secrets, or unfamiliar deploy keys. Earlier Shai-Hulud waves used CI backdoors to keep access.
Block known bad versions now.
Add deny-lists in artifact proxies (e.g., npm registry mirrors) and internal policy gates.
Pin safe versions until the incident stabilizes.
Medium-term fixes (next few weeks) for your engineering team
Eliminate long-lived registry tokens. The attack leveraged stolen or weakly protected maintainer/CI tokens; reducing token lifetime and scope cuts worm propagation.
Harden CI/CD. Run builds in isolated runners with minimal secrets; require approvals for workflow changes.
Adopt dependency trust controls.
Prefer verified publishing / signed releases where available.
Add automated checks for sudden owner changes, new install scripts, or unusual publish patterns.
The take-home
Shai-Hulud 2.0 is a credential-stealing worm riding on the npm ecosystem. It spreads through normal installs, targets high-value developer and cloud secrets, and has already hit mainstream packages. The right executive posture is: assume compromise if exposed, rotate secrets fast, and tighten the software supply chain permanently. After last September’s incident, we predicted this would rear its ugly head again. Watch a brief update and warning shared earlier this week at one of our meetings.
Meterian CTO Bruno Bossola shares the growing blast radius and all consumers of NPM must stop it
This is a story under development!
Please keep an eye on this blog page, in the meantime here’s the list of affected packages and versions so far:
Benefits, Risks, and Real-World Attacks Involving Open Source in the Insurance Industry
The insurance sector is undergoing a rapid digital transformation, integrating technologies like artificial intelligence, big data analytics, blockchain, and cloud computing to better serve customers, optimise operations, and reduce fraud. Central to this shift is the growing reliance on open source software (OSS), tools, libraries, and platforms freely available for development, adaptation, and integration. From talking to c-suite members within all of the key sectors, OSS is recognised as beneficial but also seen as the “elephant in the room” as the risks are known but lack of experience in dealing with this layer is allowing threat penetration to be successful
While OSS empowers insurers with flexibility, innovation, and cost efficiency, it also introduces serious cybersecurity risks. This article explores how open source is being used in insurance, outlining the real-world consequences of cyber threats involving OSS, and assesses the risks of future attacks, especially as threats grow more sophisticated.
Why Insurers Use Open Source Software
Open source components are now integrated into nearly every stage of the software development lifecycle in the insurance industry. Key benefits include:
Cost savings: Avoiding high licensing fees of proprietary software.
Faster development: Leveraging pre-built libraries and frameworks. This acceleration is exponentially magnified by AI coding assistants, which rapidly retrieve and integrate open-source snippets directly into developer workflows and push development cycles into overdrive.
Community support: Tapping into vast global expertise and frequent updates.
Flexibility: Extending existing open source code to meet business-specific requirements.
Examples include:
Apache Kafka and Airflow for real-time data processing.
TensorFlow for machine learning in fraud detection.
PostgreSQL and MongoDB for scalable data storage.
OpenJDK as a base for Java-based enterprise applications.
With open source software, legacy systems have been replaced. Insurance software providers have gained ready-to-use features and deliver enterprise-grade and SaaS applications 50-60% faster, while avoiding vendor lock-in. They are seizing the opportunity to be part of a sector-specific open source software community to learn, grow, and contribute, with potential to shape the future direction at a sector level. Some of these ready-to-use features include policy, claim, and property management, as well as time tracking. There are also templates available to offer embedded insurance products seamlessly integrated into customer buying experiences.
The business-led software-driven transformation helps streamline processes, enhance risk assessment, and improve customer service. We can all appreciate the availability of cloud-based solutions that’s increased the ease of purchasing standalone and embedded insurance products in our daily digital experiences. Forgot to buy travel insurance when you booked your ski holiday? Not to worry, because the ski rental agency that’s selling ski lift passes on their mobile web app also lets you buy insurance when you checkout. Open source software is helping to drive innovation and specialized offers across sectors, benefitting sellers and resellers from greater access to customers wherever they are in their journey.
OSS Cybersecurity Risks of Open Source within the Insurance Sector
Open source code, while powerful, is not immune to vulnerabilities. Many packages are maintained by volunteers, and while updates and patches are released very quickly, it’s difficult for a company to keep the pace, because of lack of awareness and processes to handle them. A single unpatched library can serve as a gateway to an entire corporate network, and for insurance companies, this can expose sensitive personal, financial, and medical data.
Key risks include:
Direct cyber attacks Because of the lack of vulnerability scanning, simply by leveraging an existing vulnerability in one opensource component used on an internet facing system, a hacker could get access to all internal databases.
Supply chain attacks A piece of malicious code included in a widely used software library is then automatically incorporated into thousands of downstream applications that use the library, allowing the attackers to compromise a vast number of targets simultaneously.
License mismanagement and IP risksWhen using a non-business friendly licensed component, there’s a significant risk of being forced to publicly release your own intellectual property, leading to loss of competitive advantage and potential legal action.
Shadow IT and undocumented OSS use The unmonitored use of unapproved software, often by developers seeking speed and agility, creates significant security and compliance blind spots, as these tools operate outside of corporate governance and lack security patching or vulnerability tracking
Notable Cyber Attacks Involving Open Source
1.Log4Shell (CVE-2021-44228) – Apache Log4j
In late 2021, a critical remote code execution vulnerability was discovered in Log4j, a widely used Java logging library.
Impact on insurance: Many insurance firms used Java-based enterprise systems that included Log4j, making them vulnerable.
Exploitation: Threat actors could remotely execute arbitrary code on affected systems. APT groups including Charming Kitten (Iran) and APT41 (China) were linked to active exploitation.
2.SolarWinds Supply Chain Attack
Though not directly OSS-related, this 2020 attack brought attention to third-party code risks, including OSS components.
Relevance to insurers: Many insurers use SolarWinds or similar IT management tools, and the incident led to an industry-wide audit of third-party dependencies.
3.MOVEit Transfer Exploits (2023)
Cl0p ransomware gang exploited zero-day vulnerabilities in MOVEit file transfer software, affecting dozens of insurance, healthcare, and finance companies.
Relation to OSS: MOVEit, while proprietary, included OSS components and APIs, showing how OSS can be an indirect vector.
Victims: Included Genworth Financial, a major life and mortgage insurer.
Known Named Threat Actors Targeting the Sector
DarkSide / BlackCat: Ransomware-as-a-Service groups frequently use software vulnerabilities, including in OSS, for initial access.
FIN11 / Cl0p: A ransomware group known for targeting insurance and financial companies.
APT38 (North Korea): Known for financial theft operations, including targeting SWIFT and related financial systems.
Lazarus Group: Has targeted healthcare and insurance sectors, possibly for both espionage and financial gain.
Future Threat Landscape: What’s Ahead?
The future risk to insurers from open source-based attacks is growing due to:
AI-driven vulnerability discovery tools used by threat actors.
Complex OSS supply chains making traceability and patching harder.
Open source CI/CD toolchains being exploited (e.g., Jenkins, GitLab CI).
Emerging Concerns:
Malicious open source packages: Attackers upload poisoned libraries to repositories like npm or PyPI. Example: “ctx” and “phpass” malicious packages.
Dependency confusion attacks: Exploiting package naming inconsistencies in private/public repositories.
Insider threats: Poor OSS governance can lead to accidental introduction of vulnerable or backdoored code.
AI-generated dependencies: As engineering teams increasingly rely on LLMs (Large Language Models) to write software, there is a high risk of ‘code hallucinations’ in which AI introduces outdated, unverified, or entirely fabricated open-source packages that serve as low-hanging fruit for attackers.
Mitigation Strategies for Insurers
Adopt SBOMs (Software Bill of Materials) Maintain a comprehensive inventory of all open source components in use.
Automated Vulnerability Scanning Use tools like Meterian, WhiteSource, or Dependabot to detect issues early.
Continuous Monitoring & Patching Establish DevSecOps pipelines to enforce regular OSS updates. This must also include guardrails around AI coding assistants to ensure that all AI-generated suggestions are scanned and vetted as rigorously as human-written code.
Zero Trust Architectures Prevent lateral movement even if a component is compromised.
Training & Awareness Developers should be trained on secure OSS usage and license compliance.
The AI Arms Race
The introduction of AI into the software development lifecycle has inadvertently triggered an arms race. Just as insurers use AI to accelerate development, threat actors are leveraging the exact same technology to weaponise open-source ecosystems at an unprecedented scale. Cybercriminals now use LLMs to rapidly scan massive open-source repositories for zero-day vulnerabilities, turning the speed of AI against defenders. Furthermore, attackers are automating the creation of highly convincing malicious packages, complete with fake documentation and GitHub histories. These are maliciously designed to trick AI coding assistants into recommending them. When a developer accepts an AI-generated code snippet that includes one of these poisoned dependencies, it creates a highly efficient, automated attack pipeline that brings malicious code directly into the heart of an insurer’s infrastructure.
Conclusion
The open source revolution has undeniably propelled innovation in the insurance industry. But this double-edged sword demands a proactive cybersecurity posture. From high-profile exploits like Log4Shell to the growing sophistication of supply chain attacks, it’s clear that OSS security is no longer optional, it’s critical.
Insurers must recognise open source as both an opportunity and a threat. Only through comprehensive risk management, visibility, and cultural change can they unlock its benefits while shielding themselves from cyber catastrophe.
If you’re in insurance, now’s the time to put OSS security on the boardroom agenda.
The automotive giant’s recent cyber breach shows why continuous vulnerability assessment and open-source security are no longer optional.
Earlier this month, Jaguar Land Rover (JLR), the UK’s largest carmaker, was forced to shut down global IT systems after a cyberattack disrupted production across its factories. Plants in Solihull, Halewood, Wolverhampton, and Slovakia were halted. Operations in China, India, and Brazil also felt the ripple effect.
Thousands of employees and suppliers were sent home. Dealers and garages had to switch to manual operations during one of the busiest sales periods of the year: the September license plate registration window.
While no customer data breach has been confirmed, the attack reflects how deeply cybersecurity failures in the supply chain can damage both business operations and national economies. JLR contributes nearly 4% of the UK’s exports.
How the Jaguar Land Rover Attack Happened
The hacking coalition calling itself “Scattered Lapsus$ Hunters” claimed responsibility, posting internal screenshots as proof. Analysts link the group to earlier social engineering campaigns carried out by collectives like Scattered Spider, Lapsus$, and ShinyHunters.
This was not a sophisticated zero-day exploit. It was an attack on trust and resilience. By exploiting weaknesses in IT systems and operational processes, attackers triggered a shutdown that cascaded across JLR’s entire global network.
For an industry where every production hour counts, this was a direct hit to the supply chain.
Why Supply Chain Vulnerabilities Are a Critical Business Risk
The JLR case illustrates the stark reality:
Operational Technology (OT) systems are connected to IT systems. A breach in one disrupts the other.
Third-party risk is first-party risk. If suppliers or partners are compromised, your own resilience is at stake.
Downtime is as damaging as data loss. Even without stolen records, JLR faces millions in lost productivity and missed sales.
Open-source software is everywhere. Modern automotive systems depend on open-source libraries and components. Without continuous monitoring, hidden risks can remain undetected until it’s too late.
Where Vulnerability Assessment Makes the Difference
SBOM (Software Bill of Materials) to ensure visibility into every open-source component used in critical systems
Continuous monitoring for newly disclosed CVEs that could disrupt supply chains
DevSecOps integration to ensure remediation is part of the development and deployment pipeline
Incident readiness through real-time alerts and automated remediation guidance
How Meterian Helps Build Resilience
Meterian’s platform is built to detect, monitor, and remediate open-source vulnerabilities before they cause widespread damage.
BOSS (Business Open Source Sentinel): Provides real-time alerts for newly disclosed vulnerabilities across your software supply chain.
Sentinel: Automates vulnerability assessment and integrates into your CI/CD workflows to block unsafe code before it reaches production.
SBOM generation and ingestion: Gives you complete visibility into the components your business depends on, simplifying compliance and response.
AI-powered continuous monitoring: Ensures you are always ahead of emerging threats—whether in PHP, Java, .NET, or any other stack critical to your business.
Had such systems been in place across JLR and its suppliers, the blast radius of this attack could have been contained, with faster detection and remediation.
Why Open-Source Security Matters
The JLR breach demonstrates a truth we see across industries: open-source security is business security.
When 80–90% of modern applications depend on open-source components, every unpatched library becomes a potential entry point. The cost of ignoring these risks isn’t theoretical. It’s operational paralysis, financial loss, and reputational damage.
Don’t Wait for the Next Breach
The JLR cyber attack is not an isolated incident. It is part of a wider trend of supply chain attacks targeting global industries. The question is not whether open-source vulnerabilities exist in your systems—they do.
The question is: are you continuously monitoring and remediating them?
Now is the time to take control of your software supply chain.
👉 Learn how to strengthen resilience in our upcoming webinar: “What’s Open Source Security Got to Do with Resilience of the Supply Chain?” 📅 September 18, 2025 • 14:00 BST • 15:00 CET • 09:00 ET • 18:30 IST
In May 2025, cybersecurity headlines were dominated by Ivanti Endpoint Manager Mobile (EPMM) facing active exploitation through chained remote code execution (RCE) vulnerabilities—CVE‑2025‑4427 and CVE‑2025‑4428.
These flaws enabled unauthenticated attackers to execute malicious code on affected systems, affecting enterprises globally. Ivanti’s vulnerabilities were notably tied to outdated open-source Java components, highlighting the critical importance of managing open-source security dependencies.
In this blog, we explore the Ivanti incidents, understand the role vulnerable Java libraries played, and demonstrate how proactive software composition analysis (SCA), continuous monitoring, and automated remediation through Meterian-X could have prevented or swiftly mitigated these attacks.
Ivanti’s Open Source Vulnerability: Java Libraries at Fault
The Ivanti vulnerabilities were rooted in the software’s reliance on outdated versions of Java libraries, specifically including “hibernate-validator.” These libraries were susceptible to chained exploits:
These vulnerabilities underscore a significant risk: even trusted enterprise products can expose businesses if they incorporate insecure or outdated open-source components.
Understanding the Attack Surface
Ivanti’s attack scenario reveals common industry oversights:
Outdated dependency versions not promptly updated.
Inadequate visibility into the software bill of materials (SBOM).
Insufficient integration of security checks in the continuous integration and continuous delivery (CI/CD) pipeline.
Given the rise in nation-state actors targeting supply chains, companies must ensure software dependencies are continuously scrutinized.
Continuous Monitoring & Detection with Meterian Sentinel
Meterian Sentinel actively monitors dependencies, aggregating real-time vulnerability intelligence from authoritative sources, such as the National Vulnerability Database and GitHub Security Advisories.
Sentinel would have identified Ivanti’s outdated “hibernate-validator” dependency, alerting development and security teams of the urgent update required.
Real-time notifications of critical vulnerabilities.
Actionable, prioritized remediation steps directly within development workflows.
In Ivanti’s case, BOSS would have immediately alerted to the risky dependency version, detailing the vulnerability and auto-generating a recommended fix within the CI/CD process.
Proactive Prevention: CI/CD Integration Workflow with Meterian-X
Integrating Meterian-X into CI/CD pipelines ensures software vulnerabilities are detected and addressed at the earliest stage, automatically:
Ivanti’s vulnerability illustrates a fundamental truth: security must extend beyond internal code to encompass all open-source dependencies. Meterian empowers security leaders, developers, and compliance teams to proactively detect and auto-remediate risks like those affecting Ivanti.
Adopting Meterian’s comprehensive security integration ensures continuous monitoring. It provides a rapid response and reliable protection of your software supply chain. This safeguards your business from the increasing threat of supply-chain-based cyber attacks.
Essential Steps for Leaders Before the Next Supply Chain Attack
Author: Rod Cobain • 4 min read
A Storm Is Brewing
We live in an age of unprecedented digital dependency. From agile startups to global enterprises, modern organizations rely on interconnected software systems, primarily driven by open source software (OSS). While OSS is powerful, flexible, and cost-effective, it increasingly represents a critical cybersecurity risk.
Cyber attackers are aggressively exploiting open source vulnerabilities, targeting the tools and libraries that power global innovation. The question isn’t whether your organization uses open source software—it undoubtedly does. The critical question is: How effectively are you securing it?
This article will explore:
Why open source vulnerabilities attract cyber attacks.
The evolving nature of these threats.
The crucial role of cybersecurity thought leadership.
Strategic actions leaders must take immediately.
Open Source Software: The Expanding Attack Surface
The Prevalence of Open Source
80-90% of modern applications incorporate OSS components.
OSS underpins critical infrastructure including finance, AI, and cloud services.
OSS adoption is accelerating within IoT and edge computing environments.
Why Attackers Target Open Source
A single vulnerability can impact thousands or millions of systems.
Attackers view the software supply chain as an attractive, often poorly defended target.
Many organizations lack visibility into OSS dependencies.
Recent High-Profile Incidents
Log4Shell (Log4j): A critical vulnerability in a widely used Java library triggered global disruption.
Allocate resources to enhance OSS security measures.
Support cross-industry initiatives and SBOM adoption.
Promote a culture where software security is central to business strategy.
The Broader Impact: Securing a Global Commons
Open source software represents a global digital commons. Poor security practices risk widespread systemic failure, not just isolated breaches. Robust thought leadership from security and business executives can act as a force multiplier by:
Without proactive leadership, organizations face continuous cycles of reactive firefighting. With it, we can build resilience and trust in the digital future.
Conclusion: Your Leadership Legacy
The stakes have never been higher:
Attackers are innovating rapidly.
OSS vulnerabilities will continue to surface and be exploited.
Regulatory landscapes and liability expectations are evolving quickly.
Now is the time for bold cybersecurity leadership that transcends organizational silos, engages across industries, and shapes global security practices. As a leader, ask yourself:
Is your organization prepared for the next OSS attack?
Are you shaping the conversation or merely reacting?
What legacy will you leave in securing the software that powers the world?
The future of digital trust depends on your answers.
Part 1: What Business Leaders Must Learn from Recent Cyber Vulnerabilities
Author: Rod Cobain • 4 min read
AI-generated image of business professionals
Open source software powers your business, it’s a fact whether you know it or not. From core infrastructure to everyday applications, open source code is embedded deep within the tools we trust. It’s a quiet enabler of innovation, agility, and scale.
But recent high-profile vulnerabilities, from Log4Shell to the XZ Utils backdoor, have exposed a hard truth; what’s free and open can also be fragile and risky. For business leaders, these incidents aren’t just technical hiccups. They’re a boardroom-level ticking time bomb. It’s time we stop treating open source security as an engineering detail and start addressing it as a strategic priority.
Many assume that popular open source projects are secure because they’re widely used. But visibility isn’t the same as scrutiny. The Log4Shell vulnerability sat undetected in a core Java logging library for nearly a decade until Dec 2021. When discovered, it impacted millions of computers, everything from cloud platforms to consumer apps. As a business leader, if your business relies on open source (and it does), you must invest in ongoing due diligence, not blind trust. Recent supply chain issues should prompt critical questions such as, “What’s in my software supply chain?” and “How’s it monitored?”.
Your Risk is Reflected by Your Dependencies
A single compromised component can ripple across countless systems. Looking at the event-streamincident, a small JavaScript library was hijacked and weaponised to steal cryptocurrency. As a business leader, demanding visibility into your organisation’s dependency map is a must, ignorance is no excuse, and cyber insurance providers are not covering such risks. Are you relying on unknown or unmaintained components in your software development production? If the answer is “yes or not sure”, you need to have your code assets scanned, and either automatically remediated or managed with a mitigation plan. As a result of the widespread consequences these open source vulnerabilities can have, since the Log4Shell incident, insurance providers require customers to prove they’ve patched or risk losing their insurance cover benefits.
Underfunded Projects Power Billion-Pound Businesses
The most alarming aspect of many open source vulnerabilities isn’t the flaw itself, but the lack of maintenance. The XZ backdoor came about partly because the project had only one active maintainer, such is the nature of open source community driven software. Therefore consumers and enterprises using the open source library inherit the responsibility for the quality and security of the instance used in its own coding projects. Adopting a pro-active 24/7 solution that incorporates continuous monitoring, automated remediation, and AI-powered vulnerability detection, is essential for identifying and addressing issues swiftly.
Leadership takeaway: Small investment vs Large payout or loss of credibility is clear.
Speed of Response Is a Competitive Advantage
Putting in place a pro-active approach when vulnerabilities emerge–detect, prioritise, and patch quickly– can prevent disruption and protect your reputation. Marks & Spencer, Co-op and others are still striving to regain normality in the weeks to come. These unfortunate incidents of “world class companies” highlight how security response has become a key measure of business agility. Are your teams empowered with the tools and authority to act swiftly when open source risks emerge?
The Future of Open Source Security
Open source is here to stay. Its growth is undeniable and remains a cornerstone of technological innovation for good. But security can’t just be an engineering checkbox. It must be part of your organisation’s culture, led from the top. Encourage a mindset of proactive security and open collaboration. The best organisations view open source software not just as free software, but as shared infrastructure worth protecting.
Conclusion
Cyber vulnerabilities in open source is not a reason to fear the model. Instead, they’re a call to engage more responsibly with it. As leaders, we must stop viewing open source security as someone else’s problem. The reality is: if your business runs on open source, its security must be your priority. Your role may not be a technical one, but asking the right questions and knowing your options from the beginning will help you take a preventive stance to ensure you don’t end up as tomorrow’s headline.
Today’s Reality Check: Vulnerability Management is Non-Negotiable
With the MITRE CVE system being the backbone of global vulnerability identification, it’s alarming to see discussions about funding cuts that could jeopardize this critical resource. If the industry loses its shared language for describing digital flaws, we’re all in trouble. This could stifle innovation in vulnerability management and mitigation, leaving organizations scrambling for reliable data in the U.S. and globally.
The industry needs to rally. We must collaborate on alternative funding models, invest in open-source initiatives, and forge partnerships that keep vital resources like CVE alive and thriving. Let’s ensure that our defenses remain robust, even in the face of disruption.
Meterian: The Power Database and Invisible Security Platform You Need
While others may falter, Meterian is charging ahead. Our vulnerability database is not just comprehensive; it’s a powerhouse, tracking over 400,000+ vulnerabilities and receiving daily automatic updates from a multitude of sources. We pull data from the National Vulnerability Database, GitHub Security Advisories, and 15 other unique feeds. But we don’t stop there. Our AI-generated insights, combined with meticulous manual curation, deliver a done-for-you service that your security and engineering teams can depend on.
In short, we provide your enterprise with a pair of automated eagle eyes, ensuring you have full visibility into potential software weaknesses in your third-party software supply chain.
Quality and Volume
Our commitment to excellence means you get the best tools to manage vulnerabilities effectively, for your team’s tech stack and workflow. We have a multitude of integrations and our OpenAPI architecture means we can collaborate to create more value together.
Join the Revolution
It’s time to elevate your cybersecurity strategy with the best solution for your team. Ready to take your cybersecurity to the next level? Check out our product page infographic to see how our database stacks up against the competition.