CyberWire Daily

The Hidden Risk in Your Stack [Data Security Decoded]



While our team is out on winter break, please enjoy this episode of Data Security Decoded from our partners at Rubrik.


In this episode of Data Security Decoded, host Caleb Tolin sits down with Hayden Smith, CEO of Hunted Labs, as he breaks down how software supply chain attacks really work, why open source dependencies create unseen exposure, and what modern threat actors are doing to exploit trust at scale. Caleb and Hayden dive deep into real-world attacks, emerging TTPs, AI-powered threat hunting, and what organizations must do today to keep pace. Listeners walk away with a clear picture of the problem—and a practical blueprint for reducing supply chain risk.


What You’ll Learn 

  • How modern attackers infiltrate open source ecosystems through fake accounts and counterfeit package contributions.

  • Why dependency chains dramatically amplify both exposure and attacker leverage.

  • How to use threat intelligence and threat hunting to proactively evaluate upstream packages before adoption.

  • Where AI-powered code analysis is changing the ability to discover hidden vulnerabilities and suspicious patterns.

  • Why dependency pinning, SBOM discipline, and continuous monitoring now define a strong supply chain posture.


Episode Highlights

00:00 — Welcome + Why Software Supply Chain Risk Matters

02:00 — Hayden’s Non-Cyber Passion + Framing Today’s Topic

03:00 — Why Open Source Powers Everything—and Why That Creates Exposure

06:00 — The Real Attack Vector: Contribution as Initial Access

08:00 — Inside the Indonesian “Fake Package” Campaign

10:30 — How to Evaluate Code + Contributor Identity Together

12:00 — Threat Hunting and AI-Enabled Code Interrogation

15:00 — The Challenge of Undisclosed Vulnerabilities in Widely Used Components

16:30 — How Recovery Works When Malware Is Already in Your Stack

19:00 — Continuous Monitoring as the Foundation of Modern Supply Chain Security

22:00 — Pinning, Maintainer Analysis, and Code Interrogation Best Practices

24:00 — Where to Learn More About Hunted Labs


Episode Resources

  • Hunted Labs — https://huntedlabs.com

  • Hunted Labs Entercept

  • Hunted Labs “Hunting Ground” research blog

  • Open Source Malware (Paul McCarty)


CyberWire Daily, by N2K Networks
