
Trusting the wrong package.
From Only Malware in the Building by DISCARDED | N2K Networks
June 2, 2026 · 47 min · Season 1 · Episode 24
About this episode
The episode discusses the evolving threat of software supply chain attacks and the risks facing the open-source ecosystem.
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. This week, our hosts dive into the evolving threat of software supply chain attacks and the growing risks facing the open-source ecosystem. As developers increasingly rely on third-party packages and AI-powered coding tools, attackers are finding new ways to abuse trusted software to reach a wider range of targets. The discussion explores why these attacks are becoming more common, what recent incidents reveal about the…
People in this episode
Host: Selena Larson
Guests: Dave Bittner, Keith Mularski
Topics covered
- software supply chain attacks
- open-source security
- cyber threats
- third-party packages
- AI-powered coding tools
Keywords
- software security
- cybercrime
- malware
- supply chain
- open-source packages
- cyber puzzle
Mentioned in this episode
Organizations: Proofpoint, Qintel, N2K Networks
More episodes of Only Malware in the Building
- Mythbehavior under investigation. · May 5, 2026 · 45 min
- Who’s logging in? · April 7, 2026 · 43 min
- AI swarms and cyber alarms. · March 10, 2026 · 52 min
- When legit is the trick: Phishing’s sneaky new moves. · February 3, 2026 · 40 min
- Poisoned at the source. · January 6, 2026 · 45 min
- Yippee-ki-yay, cybercriminals! · December 2, 2025 · 40 min
Explore listener stats, chart rankings, contacts and more on the Only Malware in the Building podcast page.