NPM dependency confusion has emerged as a potent software supply chain attack vector via platforms like npm, with malicious packages surreptitiously added to these repositories, maintained by leading firms.

In this episode, we're joined by ReversingLabs Reverse Engineer Karlo Zanki to dig into some of our recent findings that show dependency confusion attacks are being used to advance what appear to be targeted supply chain attacks. We will also talk about how development organizations can monitor for and prevent these kinds of attacks.