
The OpenSourceMalware Show
by OpenSourceMalware
Podcast Overview
When you think about malware, you probably envision phishing emails or sketchy websites. But malicious open source - targeting software developers and their build systems - is becoming a top way that threat actors deliver malware. Just one 'npm install' can trigger payloads that steal information and credentials. Software supply chain attacks by state actors, ransomware groups, and freelancers are happening every day.

Hosted by Jenn Gile and Paul McCarty (co-founders of OpenSourceMalware), this podcast explores the latest trends and attacks, and helps defenders understand the tactics needed to prevent their orgs from being the next target.

OpenSourceMalware provides community-driven threat intelligence on malicious open source assets including packages, domains, IP addresses, crypto wallets, and more.

https://opensourcemalware.com/
Language
🇺🇲
Publishing Since
4/27/2026
Recent Episodes

June 18, 2026
Mastra compromise, agentjacking research, busting malware myths
Mastra Package Compromise: Threat actors hijacked the entire Mastra npm organization (116 packages) after a maintainer was targeted with a ClickFix-style attack that stole his credentials. Rather than injecting malware directly into Mastra packages, attackers pre-staged a typosquatted package called 'easy-day-js' and added it as a dependency across the org. The malware differs from the structurally similar Axios attack in one notable way: it targets browser extensions, including password mana...

June 11, 2026
MSFT hit by Miasma worm, VS Code cooldowns, npm v12 breaking changes
Miasma Worm Hits Microsoft — On June 5th, 73 Microsoft GitHub repositories were disabled in 105 seconds after being compromised by the Miasma worm. Four GitHub organizations were affected, including Azure Functions, which broke CI jobs worldwide for anyone calling those official GitHub Actions. The initial foothold traces back to a May 19th compromise of the Durable Task repo, with threat actors maintaining persistence via stolen credentials before returning to trigger the mass takedown. As o...

June 4, 2026
Miasma npm worm hits Red Hat, new OpenSourceMalware research on 2026 trends, the Moika campaign
This week Paul and Jenn talk about: Miasma Campaign — Starting June 1st with 32 Red Hat @redhat-cloud-services packages (averaging 80,000 weekly downloads) compromised, the campaign expanded to over 80 packages and 286+ malicious versions within days. The worm is the first confirmed in-the-wild use of TeamPCP's open-sourced MiniShai Hulud worm, though TeamPCP has not claimed credit. It is multi-ecosystem (npm, PyPI, RubyGems) and the Ruby variant appears to be LLM-translated, not part of the ...
9 total episodes available
Frequently asked questions
- How often does this podcast release new episodes?
This podcast updates daily.
- Where can I listen to this podcast?
This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.
- Does this podcast accept guests?
No, this podcast does not typically feature guests.