
Axios and Trivy — Supply Chain Gaps Organizations Must Fix
From ShadowTalk: Powered by ReliaQuest by ReliaQuest
April 8, 2026 · 25 min
About this episode
The episode discusses significant supply chain attacks and the security gaps organizations need to address.
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts John and Tehman as they break down two of the most consequential supply chain attacks of 2026: How DPRK actors socially engineered a NPM maintainerWhy hijacked GitHub versions are a CI/CD wake-up callThe three gaps every security team needs to closeJohn Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he prev...
Topics covered
- supply chain attacks
- cybersecurity
- NPM maintainer
- GitHub
- CI/CD
Keywords
- DPRK
- social engineering
- cyber threats
- security teams
Mentioned in this episode
Products: NPM, GitHub
Places: DPRK
More episodes of ShadowTalk: Powered by ReliaQuest
- China-Linked Cyber Espionage: How OP-512 Exploited Legacy IIS Servers and Evaded Detection · June 10, 2026 · 23 min
- SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access · June 3, 2026 · 21 min
- Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook · May 27, 2026 · 29 min
- SQLite, Mistral, OpenAI: How AI Attacks Are Reshaping the Attack Surface · May 20, 2026 · 20 min
- Canvas, Trellix, Mini Shai-Hulud: How Defenders Respond When Supply Chain Attacks Become Weekly · May 14, 2026 · 32 min
- Akira, ShinyHunters, and The Gentlemen: Extortion Lessons From Early 2026 · May 6, 2026 · 35 min
Explore listener stats, chart rankings, contacts and more on the ShadowTalk: Powered by ReliaQuest podcast page.