Explore the evolving landscape of open source supply chain attacks in this 42-minute Linux Foundation conference talk. Dive into automated threat detection processes and discover open source tools for identifying malicious packages at scale. Examine the RED LILI attack, involving over 1,500 malicious packages from a single threat actor, and learn about the infrastructure required for such large-scale operations. Investigate the UA-Parser incident, where a legitimate account was compromised, and understand the tactics, techniques, and procedures used in account takeovers. Learn about Chain Alert, a free service for the open-source community to warn against these attacks. Analyze the "Protestware" phenomenon, exemplified by the node-ipc package incident targeting Russian and Belarusian IP addresses. Gain insights into attacker evolution, identity theft, and the trust paradox in open source software. Understand the critical nature of open source and the need for a mindset shift in addressing these security challenges. Read more