
05/05/2025

Security Experts Warn an Open Source Tool Poses a 'Persistent' Risk to the U.S.

The software, easyjson, is used by American companies and the government

Since Russian troops illegally invaded Ukraine more than three years ago, Russian technology companies and executives have been widely sanctioned for supporting the Kremlin. That includes Vladimir Kiriyenko, the son of one of Vladimir Putin's top aides and the CEO of VK Group, which runs VK, Russia's Facebook equivalent that has increasingly shifted towards the regime's repressive positioning.

Now cybersecurity researchers are warning that a widely used piece of open source code, which is linked to Kiriyenko's company and managed by Russian developers, may pose a "persistent" national security risk to the United States. The open source software (OSS), called easyjson, has been widely used by the U.S. Department of Defense (DoD) and "extensively" across software used in the finance, technology and healthcare sectors, according to researchers at security company Hunted Labs, which is behind the claims. The fear is that Russia could alter easyjson to steal data, or that the software could otherwise be abused.

"You have this really critical package that's basically a linchpin for the cloud native ecosystem that's maintained by a group of individuals based in Moscow belonging to an organization that has this suspicious history," said Hayden Smith, Hunted Labs' co-founder.

Please select this link to read the complete article from WIRED.
