supply-chain-attack
3 videos across 3 channels
A look at the rising wave of supply-chain breaches that exploit software dependencies and automation, fueled by AI-enabled threats. It ties real incidents—from hijacked caches and post-install payloads to a high-profile Axios compromise—to calls for radical changes in open-source practices, patching, and deeper defense across pipelines, with practical steps for individuals and teams to reduce risk.

Everything is pwn’d now
The video surveys a surge of security breaches across software ecosystems, explains why traditional disclosure and open

Why does this keep happening?
A discussion of the Shai-Hulud worm and a broader supply-chain attack that compromised multiple npm, PNPM, and other pop

the WORST hack of 2026
The video explains a high-profile supply chain attack on the Axios npm package, where an attacker hijacked a maintainer’