OpenSourceMalware

The OpenSourceMalware Show

When you think about malware, you probably envision phishing emails or sketchy websites. But malicious open source - targeting software developers and their build systems - is becoming a top way that threat actors deliver malware. Just one 'npm install' can trigger payloads that steal information and credentials. Software supply chain attacks by state actors, ransomware groups, and freelancers are happening every day. Hosted by Jenn Gile and Paul McCarty (co-founders of OpenSourceMalware), this podcast explores the latest trends and attacks, and helps defenders understand the tactics needed to...

Autor

OpenSourceMalware

Kategorie

Technology

Neueste Folge

9. Jul 2026

Wo hören?

Podcasts in der App Replaio Radio Bald verfügbar

Podcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts

Bei Google Play herunterladen Kostenlos installieren Android 5 Mio.+ Downloads · Bewertung 4,8 iOS bald

Folgen

Open VSX security improvements, new PolinRider researcher, shady vendor practices 09.07.2026

This week we talked about: PolinRider jumps the fence — Paul's research on North Korea's automated repo-hijacking campaign spreading into the Go and PHP ecosystems without any extra effort from the threat actors Cybersecurity startup publishes infostealers to npm — a vendor publishing malicious packages to manufacture threat data for its own marketing, and getting their npm account pulle...

GitHub security improvements, shady vendor practices 02.07.2026

This week we talked about: GitHub’s two new account protection features: NPM added a 72-hour read-only lockout for high-impact accounts triggered by an email change or 2FA recovery code use, aimed at slowing account takeovers. Separately, GitHub Enterprise rolled out self-service credential revocation, letting enterprise owners revoke tokens, SSH keys, and SSO authorizations for a single user or t...

How malicious OSS is evolving in 2026, feat. DPRK innovations 25.06.2026

This week we talked about: DPRK Lazarus Group trends in software supply chain malware: Three active techniques he's observing from North Korea's Lazarus Group. The first is “version sandwiching,” where threat actors publish benign versions of a package before and after a malicious one, then pin their delivery mechanism to the malicious version so scanners checking the latest release see...

Mastra compromise, agentjacking research, busting malware myths 18.06.2026

Mastra Package Compromise: Threat actors hijacked the entire Mastra npm organization (116 packages) after a maintainer was targeted with a ClickFix-style attack that stole his credentials. Rather than injecting malware directly into Mastra packages, attackers pre-staged a typosquatted package called 'easy-day-js' and added it as a dependency across the org. The malware differs from the s...

MSFT hit by Miasma worm, VS Code cooldowns, npm v12 breaking changes 11.06.2026

Miasma Worm Hits Microsoft — On June 5th, 73 Microsoft GitHub repositories were disabled in 105 seconds after being compromised by the Miasma worm. Four GitHub organizations were affected, including Azure Functions, which broke CI jobs worldwide for anyone calling those official GitHub Actions. The initial foothold traces back to a May 19th compromise of the Durable Task repo, with threat actors m...

Miasma npm worm hits Red Hat, new OpenSourceMalware research on 2026 trends, the Moika campaign 04.06.2026

This week Paul and Jenn talk about: Miasma Campaign — Starting June 1st with 32 Red Hat @redhat-cloud-services packages (averaging 80,000 weekly downloads) compromised, the campaign expanded to over 80 packages and 286+ malicious versions within days. The worm is the first confirmed in-the-wild use of TeamPCP's open-sourced MiniShai Hulud worm, though TeamPCP has not claimed credit. It is mul...

OSV false positives, Crowdstrike takedown of Glassworm infra, and MSFT nukes a researcher 28.05.2026

This week Jenn and Paul covered: OSV false positives from AWS Inspector: AWS's automated malware detection pipeline submitted 157 false positive entries to osv.dev. The entries were merged before anyone caught the errors. When the community began pointing out that some of those "false positives" were actually real malware, AWS started adding some back, making this a mess on both end...

GitHub popped by malicious VS code extension, npm staged publishing debuts 21.05.2026

This week Jenn and Paul cover: npm Staged Publishing: npm's new feature adds a human approval checkpoint before a package goes live. Real improvement, real caveats. We walk through what it does, where it falls short, and the questions the docs still don't answer. DPRK Axios-Linked npm Packages: Paul discovered three malicious npm packages tied to the March Axios attacker that have been q...

RubyGems bot attack, ShinyHunters ransom Canvas, and the latest on Mini Shai Hulud 14.05.2026

Join OpenSourceMalware co-founders Jenn Gile and Paul McCarty for episode four! In this episode: RubyGems bot attack: Hundreds of bots pushed 500-plus packages to RubyGems, some carrying exploits, forcing the registry to shut down new account signups. Jenn and Paul break down why the DDoS label may be misleading and what this exposes about the friction-vs-safety tradeoff every open source registry...

Git hook persistence, Antrea compromise, Dirty Frag, cPanel exploitation, interpreted language malware 07.05.2026

Join OpenSourceMalware co-founders Jenn Gile and Paul McCarty for episode three, covering the latest threat activity and a deep dive they've been promising since episode one. In this episode: DPRK Lazarus Group using git hooks: Paul's latest research shows the Contagious Interview / TaskJacker campaign has evolved. The initial loader is still the VS Code task.json file, but it now calls...

Lovable and Vercel incidents, GitHub RCE, EDR vs. AI agents, Mini Shai Halud by Team PCP 30.04.2026

Join OpenSourceMalware co-founders Jenn Gile and Paul McCarty as they cover a week that had defenders everywhere ready to call it on 2026. In this episode, we cover four topics: Lovable and Vercel incident response failures: Two AI-native platforms had significant security incidents in recent weeks, and both initially responded by minimizing the severity. We break down why Lovable's regressio...

Bitwarden CLI compromise, npm lifecycle scripts, OWASP cheat sheet, cross-ecosystem attacks 27.04.2026

Welcome to the very first episode of The OpenSourceMalware Show! Join OpenSourceMalware co-founders Jenn Gile and Paul McCarty as they break down the latest news, threats, and best practices in the open-source ecosystem.  In this episode, we dive into four major topics: Bitwarden CLI Compromise: We analyze the recently discovered malicious version (2026.4.0) of the Bitwarden CLI package. We break...

Höre den Podcast The OpenSourceMalware Show in Replaio

Radio und Podcasts in einer App - kostenlos und ohne Anmeldung. Installiere sie noch heute und verpasse den Start nicht

Bei Google Play herunterladen

Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet