The 2025 Software Supply Chain Security Report
Read Annual Report
Score the best Anti-Hack Backpack at RSAC 2025 - Booth N-4428
Schedule a Meeting
Looking for an alternative to VirusTotal? We've got you covered.
Learn More
On Demand Webinar

From Poisoned Pickles to Bad Patches: Unpacking Q1’s Software Supply Chain Threats

Threat Research Round-Up Q1 2025

Threat Research Round-Up Q1 2025

Watch as ReversingLabs threat researchers Karlo Zanki and Lucija Valentić, along with moderator Paul Roberts,  take a deep dive into Q1’s most notable software supply chain threats—spanning cryptocurrency, AI/ML ecosystems, and development tools.

This session connects the dots between multiple malicious campaigns to reveal broader attacker trends and evolving tactics.

Topics include:

  • A malicious NPM package ("ethers-provider2") that patches the legitimate “ethers” library to install a reverse shell.

  • The “nullifAI” attack: weaponized ML models using Pickle files hosted on Hugging Face.

  • Crypto-focused campaigns stealing secrets and targeting popular libraries.

Attendees will gain insight into attacker techniques, emerging risks across AI and dev ecosystems, and strategies for proactive detection and defense.

Watch now!

 

Watch Now

Meet the Speakers

Lucija Valentíc
Karlo Zanki
Paul Roberts