Over the past two months, we’ve tracked the most serious supply-chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads.
I’d love to join your show to break this down for your audience: what happened, why it matters, and practical steps developers and security teams can take right now.
These attacks feature some novel techniques (like abusing LLM CLIs and GitHub workflow exploits) and show how fragile the whole ecosystem is.
Highlights:
Phishing that compromised Prettier and others, shipping infostealers and backdoors
Nx build system hijacked via GitHub Actions, stealing tokens, secrets, and even bricking dev machines
Maintainers like Qix and DuckDB targeted, spreading wallet-drainer malware
Attacks just yesterday and today against tinycolor, CrowdStrike, and 40+ other packages
3:30PM (Booking)