Discovering Shai-Hulud and the Struggle to Raise the Alarm: Bad Dependencies ft Daniel Pereira

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/20/69/48/20694887-9f9d-ff51-714f-501bb4159412/mza_8945796113236339360.jpg/600x600bb.jpg

Bad Dependencies Podcast

Mackenzie Jackson

8 episodes

5 days ago

Welcome to Bad Dependencies, the podcast where the digital supply chain gets audited in real-time. Hosted by security researchers Charlie Erikson and Mackenzie Jackson from Aikido Security, this bi-weekly show dives deep into the wildest, weirdest, and most dangerous malware found lurking in package registries like NPM and PyPI. From image-based payloads to AI-generated code noise, nothing is off-limits as Charlie and Mackenzie explore the bleeding edge of software supply chain attacks. Whether you’re a developer, security enthusiast, or just malware-curious, Bad Dependencies will open your ey

Technology

RSS

All content for Bad Dependencies Podcast is the property of Mackenzie Jackson and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/43802306/43802306-1748868151508-47df53ea4807e.jpg

Discovering Shai-Hulud and the Struggle to Raise the Alarm: Bad Dependencies ft Daniel Pereira

Bad Dependencies Podcast

29 minutes 2 seconds

1 month ago

Discovering Shai-Hulud and the Struggle to Raise the Alarm: Bad Dependencies ft Daniel Pereira

In this episode, host Mackenzie Jackson is joined by Charlie Erikson and Daniel Pereira to uncover the story of Shai-Hulud — a self-propagating worm that shook the NPM ecosystem. Like the great sandworm of Arrakis, it surfaced suddenly, exfiltrating secrets and spreading through unsuspecting packages.Daniel recounts his discovery and the frustrating desert-like silence from major platforms as he tried to raise the alarm. Charlie dives into the worm’s anatomy, from environment variable theft to GitHub action exploits, showing how attackers evolved their tactics from the earlier NX breach.Together, they reflect on what it takes to fight worms in the shifting sands of open source, and why the community needs faster ways to respond before the next Shai-Hulud emerges.