#1675946: Webinar - From Poisoned Pickles to Bad Patches: Unpacking Q1’s Software Supply Chain Threats
Description:

Join ReversingLabs threat researchers Karlo Zanki and Lucija Valentić for a look at recent malicious software supply chain campaigns targeting cryptocurrency and AI ecosystems. Moderated by Editorial Director Paul Roberts, this session will break down the latest findings and what they mean for software and AI supply chain security.

In this session, we'll cover:

- A recent discovery of the “ethers-provider2” npm package — a malicious module that discreetly “patches” the legitimate, local copy of the open source “ethers” package to install a reverse shell. This attack showcases increasingly sophisticated methods used to compromise local development environments and evade traditional security measures.
- The “nullifAI” attack, a widely reported campaign in which threat actors exploited Python’s Pickle file serialization format to embed malware inside machine learning models hosted on the Hugging Face platform. This case highlights the growing risk of attacks targeting AI/ML software supply chains and the trust users place in publicly shared models.

Attendees will walk away with insights into attacker methodologies, the growing risks facing software and AI ecosystems, and strategies for detection and mitigation.

More info: | https://www.reversinglabs.com/webinar/threat-research-roundup-q1-2025 |
Date added | April 11, 2025, 12:16 p.m. |
Source | ReversingLabs |
Subjects | |
Venue | April 17, 2025, midnight - April 17, 2025, midnight |