The OpenSourceMalware Show

OpenSourceMalware 7 episodes Latest Jun 4, 2026

This podcast explores the growing threat of malicious open source software, which targets developers and build systems. Hosted by Jenn Gile and Paul McCarty, co-founders of OpenSourceMalware, it covers the latest trends and attacks in software supply chain security. The show helps defenders understand tactics to prevent their organizations from being targeted. OpenSourceMalware provides community-driven threat intelligence on malicious open source assets.

Episodes

MSFT hit by Miasma worm, VS Code cooldowns, npm v12 breaking changes
Jun 11, 2026 2353
Miasma Worm Hits Microsoft — On June 5th, 73 Microsoft GitHub repositories were disabled in 105 seconds after being compromised by the Miasma worm. Four GitHub organizations were affected, including Azure Functions, which broke CI jobs worldwide for anyone calling those official GitHub Actions. The initial foothold traces back to a May 19th compromise of the Durable Task repo, with threat actors m

Miasma npm worm hits Red Hat, new OpenSourceMalware research on 2026 trends, the Moika campaign
Jun 4, 2026 2453
This week Paul and Jenn talk about: Miasma Campaign — Starting June 1st with 32 Red Hat @redhat-cloud-services packages (averaging 80,000 weekly downloads) compromised, the campaign expanded to over 80 packages and 286+ malicious versions within days. The worm is the first confirmed in-the-wild use of TeamPCP's open-sourced Mini Shai Hulud worm, though TeamPCP has not claimed credit. It is mult

OSV false positives, Crowdstrike takedown of Glassworm infra, and MSFT nukes a researcher
May 28, 2026 1696
This week Jenn and Paul covered: OSV false positives from AWS Inspector: AWS's automated malware detection pipeline submitted 157 false positive entries to osv.dev. The entries were merged before anyone caught the errors. When the community began pointing out that some of those "false positives" were actually real malware, AWS started adding some back, making this a mess on both ends

GitHub popped by malicious VS code extension, npm staged publishing debuts
May 21, 2026 1706
This week Jenn and Paul cover: npm Staged Publishing: npm's new feature adds a human approval checkpoint before a package goes live. Real improvement, real caveats. We walk through what it does, where it falls short, and the questions the docs still don't answer. DPRK Axios-Linked npm Packages: Paul discovered three malicious npm packages tied to the March Axios attacker that have been qui

RubyGems bot attack, ShinyHunters ransom Canvas, and the latest on Mini Shai Hulud
May 14, 2026 1971
Join OpenSourceMalware co-founders Jenn Gile and Paul McCarty for episode four! In this episode: RubyGems bot attack: Hundreds of bots pushed 500-plus packages to RubyGems, some carrying exploits, forcing the registry to shut down new account signups. Jenn and Paul break down why the DDoS label may be misleading and what this exposes about the friction-vs-safety tradeoff every open source registry f

Git hook persistence, Antrea compromise, Dirty Frag, cPanel exploitation, interpreted language malware
May 7, 2026 1664
Join OpenSourceMalware co-founders Jenn Gile and Paul McCarty for episode three, covering the latest threat activity and a deep dive they've been promising since episode one. In this episode: DPRK Lazarus Group using git hooks: Paul's latest research shows the Contagious Interview / TaskJacker campaign has evolved. The initial loader is still the VS Code task.json file, but it now calls co

Lovable and Vercel incidents, GitHub RCE, EDR vs. AI agents, Mini Shai Hulud by Team PCP
Apr 30, 2026 1540
Join OpenSourceMalware co-founders Jenn Gile and Paul McCarty as they cover a week that had defenders everywhere ready to call it on 2026. In this episode, we cover four topics: Lovable and Vercel incident response failures: Two AI-native platforms had significant security incidents in recent weeks, and both initially responded by minimizing the severity. We break down why Lovable's regression

Bitwarden CLI compromise, npm lifecycle scripts, OWASP cheat sheet, cross-ecosystem attacks
Apr 27, 2026 2256
Welcome to the very first episode of The OpenSourceMalware Show! Join OpenSourceMalware co-founders Jenn Gile and Paul McCarty as they break down the latest news, threats, and best practices in the open-source ecosystem. In this episode, we dive into four major topics: Bitwarden CLI Compromise: We analyze the recently discovered malicious version (2026.4.0) of the Bitwarden CLI package. We break do