In this episode of Bad Dependencies, Mackenzie and security researcher Charlie Erickson break down a fast-moving software supply chain attack led by Team PCP.Starting with the compromise of Trivy, the attackers leveraged stolen credentials to spread into ecosystems like NPM and LiteLLM, impacting widely used developer tools and AI infrastructure. The conversation explores how the attack evolved, including worm-like behavior, credential harvesting, and ransomware tactics.Charlie shares real-time insights into the attackers’ methods, motivations, and the ongoing nature of the incident, along with practical advice on mitigation such as credential rotation, dependency pinning, and securing CI/CD pipelines.

In this episode, I sit down with Charlie Eriksen, the researcher who uncovered the Shai Hulud 2.0 campaign, for a deep dive into one of the wildest supply-chain attacks we’ve seen. What began as a strange detection quickly unraveled into a worm that spread across npm, GitHub, and even a compromised Open VSX extension.

“Patient Zero” was AsyncAPI, where the attackers exploited a subtle GitHub Actions flaw that let them run malicious code inside the org’s own CI pipelines without their pull request ever being merged. Unmerged PR → full RCE → stolen org-level credentials.

From there, the worm propagated through packages, harvested secrets with TruffleHog, dumped them into tens of thousands of GitHub repos, and, most shockingly, contained a wiper mode that deleted a victim’s entire home directory if it couldn’t create new repos.

It’s a fascinating and slightly terrifying look at how modern supply-chain attacks actually work under the hood. Give it a listen.

In this episode of Bad Dependencies, Mackenzie Jackson and Charlie Eriksen dive into one of the most sophisticated malware incidents to target developers — the OpenVSX compromise. They unpack how attackers hid malicious code using Unicode obfuscation, discuss the shift from npm to VS Code extension attacks, and explore how the open-source ecosystem is responding. The episode also covers npm’s new token policies, trusted publishing, and what these changes mean for the future of supply chain security.Chapters:00:00 – Introduction & Discovery02:00 – What is OpenVSX and How It Works03:40 – Anatomy of the Malware Attack05:00 – Unicode Obfuscation and Detection08:20 – Attackers Move from npm to VS Code11:00 – npm’s Security Policy Overhaul17:40 – Trusted Publishing and the Future of Supply Chain Security