From Poisoned Pickles to Bad Patches: Unpacking Q1’s Software Supply Chain Threats

Watch as ReversingLabs threat researchers Karlo Zanki and Lucija Valentić, along with moderator Paul Roberts,  take a deep dive into Q1’s most notable software supply chain threats—spanning cryptocurrency, AI/ML ecosystems, and development tools.

This session connects the dots between multiple malicious campaigns to reveal broader attacker trends and evolving tactics.

Topics include:

• A malicious NPM package ("ethers-provider2") that patches the legitimate “ethers” library to install a reverse shell.
• The “nullifAI” attack: weaponized ML models using Pickle files hosted on Hugging Face.
• Crypto-focused campaigns stealing secrets and targeting popular libraries.

Viewers will gain insight into attacker techniques, emerging risks across AI and dev ecosystems, and strategies for proactive detection and defense.

Watch now!