The OpenSourceMalware Show
When you think about malware, you probably envision phishing emails or sketchy websites. But malicious open source, aimed at software developers and their build systems, is becoming one of the main ways threat actors deliver malware. A single 'npm install' can run install-time scripts that steal source code, secrets and credentials. Software supply chain attacks by state actors, ransomware groups, and freelancers are happening every day.
Hosted by Jenn Gile and Paul McCarty (co-founders of OpenSourceMalware), this podcast explores the latest trends and attacks, and helps defenders understand the tactics needed to prevent their orgs from being the next target.
OpenSourceMalware provides community-driven threat intelligence on malicious open source assets including packages, domains, IP addresses, crypto wallets, and more.
https://opensourcemalware.com/
Latest Episodes
MSFT hit by Miasma worm, VS Code cooldowns, npm v12 breaking changes
Miasma Worm Hits Microsoft — On June 5th, 73 Microsoft GitHub repositories were disabled in 105 seconds after being compromised by the Miasma worm. Four GitHub organizations were affected, including Azure Functions, which broke CI jobs w...
Miasma npm worm hits Red Hat, new OpenSourceMalware research on 2026 trends, the Moika campaign
This week Paul and Jenn talk about: Miasma Campaign — Starting June 1st with 32 Red Hat @redhat-cloud-services packages (averaging 80,000 weekly downloads) compromised, the campaign expanded to over 80 packages and 286+ malici...
OSV false positives, Crowdstrike takedown of Glassworm infra, and MSFT nukes a researcher
This week Jenn and Paul covered: OSV false positives from AWS Inspector: AWS's automated malware detection pipeline submitted 157 false positive entries to osv.dev. The entries were merged before anyone caught the errors. When...
GitHub popped by malicious VS code extension, npm staged publishing debuts
This week Jenn and Paul cover: npm Staged Publishing: npm's new feature adds a human approval checkpoint before a package goes live. Real improvement, real caveats. We walk through what it does, where it falls short, and the q...
RubyGems bot attack, ShinyHunters ransom Canvas, and the latest on Mini Shai Hulud
Join OpenSourceMalware co-founders Jenn Gile and Paul McCarty for episode four! In this episode: RubyGems bot attack: Hundreds of bots pushed 500-plus packages to RubyGems, some carrying exploits, forcing the registry to...
Podcasts we love
Check out these other fine podcasts recommended by us, not an algorithm.
Open Source Security
Josh Bressers
Future of Threat Intelligence
Team Cymru
Absolute AppSec
Ken Johnson and Seth Law
Coffee, Chaos and ProdSec
Cameron Walters and Kurt Hendle