Charlie Erkson and Mackenzie Jackson return with breaking news on one of the wildest supply chain compromises to date. The popular NX packages—with millions of weekly downloads—were hijacked, and attackers used LLM-powered malware to crawl systems for secrets like GitHub and NPM tokens. Even stranger, instead of exfiltrating data to a private server, the stolen information was dumped into public GitHub repositories, exposing sensitive credentials for anyone to see.

In this episode of Bad Dependencies, the hosts unpack:

- How the NX compromise happened and why it's uniquely reckless.
- The bizarre use of LLMs for system enumeration.
- Why publishing secrets to public repos raises the stakes for everyone.
- The remediation steps users must take if they were affected.
- Broader implications for the future of software supply chain security.

Is this careless malware, or was the chaos intentional? Tune in for analysis, insights, and some grim humor as the hosts dissect a case study in just how bad things can get when package compromises go wrong.