Trusting the wrong package.

Trusting the wrong package.

From Only Malware in the Building by DISCARDED | N2K Networks

June 2, 2026 · 47 min · Season 1 · Episode 24

About this episode

The episode discusses the evolving threat of software supply chain attacks and the risks facing the open-source ecosystem.

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. This week, our hosts dive into the evolving threat of software supply chain attacks and the growing risks facing the open-source ecosystem. As developers increasingly rely on third-party packages and AI-powered coding tools, attackers are finding new ways to abuse trusted software to reach a wider range of targets. The discussion explores why these attacks are becoming more common, what recent incidents reveal about the…

People in this episode

Host: Selena Larson

Guests: Dave Bittner, Keith Mularski

Topics covered

  • software supply chain attacks
  • open-source security
  • cyber threats
  • third-party packages
  • AI-powered coding tools

Keywords

  • software security
  • cybercrime
  • malware
  • supply chain
  • open-source packages
  • cyber puzzle

Mentioned in this episode

Organizations: Proofpoint, Qintel, N2K Networks

More episodes of Only Malware in the Building

Explore listener stats, chart rankings, contacts and more on the Only Malware in the Building podcast page.