
Supply Chain Attacks: Open Source or Open Door?
From Microsoft Threat Intelligence Podcast by Microsoft
June 3, 2026 · 39 min · Season 3 · Episode 70
About this episode
The episode discusses the rising threat of open source software supply chain attacks and insights from a recent presentation at BlueHat IL 2025.
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, compromised developer ecosystems, AI-generated attacks, and software dependency risks are reshaping modern incident response, while sharing insights from their recent presentation at BlueHat IL 2025. In this episode you’ll learn: How attackers are targeting open source software ecosystems at scale Why AI is accelerating both cyberattacks and threat detection What was uncovered during their BlueHat presentation on modern software supply chain attacks Some questions we ask: What patterns did you uncover in NPM attack campaigns? Should developers rely on dependencies or build everything themselves? Why should organizations pay closer attention to open source security risks? Resources: View Allie Luhrs on LinkedIn View Mario Samolis on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other…
People in this episode
Host: Sherrod DeGrippo
Guests: Allie Luhrs, Mario Samolis
Topics covered
- supply chain attacks
- open source software
- cybersecurity
- AI in security
- incident response
Keywords
- supply chain attacks
- open source
- NPM packages
- AI-generated attacks
- software dependencies
Mentioned in this episode
Organizations: Microsoft
More episodes of Microsoft Threat Intelligence Podcast
- Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign · May 20, 2026 · 42 min
- Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft · May 6, 2026 · 52 min
- The Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven Ecosystem · April 22, 2026 · 40 min
- Ransomware: From Isolated Attacks to Global Criminal Ecosystem · April 8, 2026 · 48 min
- Winter SHIELD: Closing the Security Control Gap · March 25, 2026 · 37 min
- AI as Tradecraft: How Threat Actors Are Operationalizing AI · March 11, 2026 · 22 min
Explore listener stats, chart rankings, contacts and more on the Microsoft Threat Intelligence Podcast podcast page.