ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Dependency Confusion As A Tool For Targeted NPM Hacks"
Episode Synopsis
NPM dependency confusion has emerged as a potent software supply chain attack vector via platforms like npm, with malicious packages surreptitiously added to these repositories, maintained by leading firms. In this episode, we're joined by ReversingLabs Reverse Engineer Karlo Zanki to dig into some of our recent findings that show dependency confusion attacks are being used to advance what appear to be targeted supply chain attacks. We will also talk about how development organizations can monitor for and prevent these kinds of attacks.
More episodes of the podcast ConversingLabs Podcast
Can Frameworks Stop Supply Chain Attacks?
04/12/2025
The State of Vulnerability Management
05/11/2025
Who Will Maintain Open Source’s Future?
14/10/2025
Security Badging Open-Source Projects
21/08/2025
Aviation Has A Software Problem
10/07/2025
The Threat of Package Hallucinations
01/07/2025
Going Back to Basics to Thwart Attacks
08/05/2025
AppSec Girl Power
10/04/2025
Cybersecurity's Double-Edged Sword
26/03/2025
The Evolution of Threat Intel
17/03/2025
In God we trust