Rising Open Source Vulnerabilities: What Analytics Reveal for North America


By October 2023, more than 42,000 potentially dangerous flaws were found in GitHub and other open source software repositories. Kaspersky Lab shared this finding with socialbites.ca after examining over 20,000 products. The data underscores how quickly security gaps appear as open source software grows and diversifies across teams in Canada, the United States, and beyond.

Among the vulnerabilities identified, the largest portion, 29 percent, could allow attackers to bypass security restrictions. The second-largest group, at 22 percent, comprises flaws that might enable denial-of-service conditions. A third major category involves issues that permit arbitrary code execution on devices. These patterns show that attackers have multiple pathways to compromise systems, from breaking controls to forcing a service outage and running unauthorized code (Kaspersky Lab, 2023).

Other notable categories include UI spoofing at 7 percent, privilege escalation at 6 percent, theft of confidential information at 6 percent, and malware at 6 percent. The remaining 12 percent of vulnerabilities fall into smaller, less frequent groups. These distributions help security teams prioritize their defenses and respond to the most critical risks first, especially in environments that rely on open source components for speed and innovation (Kaspersky Lab, 2023).

Experts from Kaspersky Lab classified 43 percent of detected vulnerabilities as high-danger threats and 11 percent as critical-danger threats. For comparison, the analytical review from December 2022 showed 35 percent of threats at high danger and about 10 percent at critical danger. Over the first ten months of 2023, the share of high-danger vulnerabilities rose by eight percentage points, signaling a tightening threat landscape for developers and operators who rely on open source code (Kaspersky Lab, 2023).

To help software teams assess codebases that rely on open source software, Kaspersky Lab recommended seeking vulnerability and threat intelligence tools from reputable information security vendors, including offerings that operate across international markets. Organizations in Canada and the United States can evaluate both domestic and global solutions to align with local compliance requirements while staying vigilant about supply chain risks (Kaspersky Lab, 2023).

In recent months, scammers have been testing new extortion techniques that leverage messaging platforms. One emerging pattern involves using Telegram as a channel to pressure victims and demand payment. This evolving tactic serves as a reminder that security is not just about patching software; it also requires awareness of social engineering and the platforms attackers exploit to reach targets. Enterprises should combine robust vulnerability management with user education, incident response drills, and clear reporting pathways to reduce the impact of such schemes (Kaspersky Lab, 2023).
