New! The 2025 Software Supply Chain Security Report
Don’t Miss It!
Securing Virtual Machines: The Fastest & Easiest Way to Identify Risk in VMs
Watch Now
Looking for an alternative to VirusTotal? We've got you covered.
Learn More
WEBINAR | April 17 at 11am-12pm ET

From Poisoned Pickles to Bad Patches: Unpacking Q1’s Software Supply Chain Threats

Threat Research Round-Up Q1 2025

Threat Research Round-Up Q1 2025

Join ReversingLabs threat researchers Karlo Zanki and Lucija Valentić for a look at recent malicious software supply chain campaigns targeting cryptocurrency and AI ecosystems. Moderated by Editorial Director Paul Roberts, this session will break down the latest findings and what they mean for software and AI supply chain security.

In this session, we'll cover:

  • A recent discovery of the “ethers-provider2” npm package — a malicious module that discreetly “patches” the legitimate, local copy of the open source “ethers” package to install a reverse shell. This attack showcases increasingly sophisticated methods used to compromise local development environments and evade traditional security measures.
  • The “nullifAI” attack, a widely reported campaign in which threat actors exploited Python’s Pickle file serialization format to embed malware inside machine learning models hosted on the Hugging Face platform. This case highlights the growing risk of attacks targeting AI/ML software supply chains and the trust users place in publicly shared models.

Attendees will walk away with insights into attacker methodologies, the growing risks facing software and AI ecosystems, and strategies for detection and mitigation.

Register now. *Attend live and receive an attendance certificate to be used towards CPE credits.

 

Register Now

Meet the Speakers

Lucija Valentíc
Karlo Zanki
Paul Roberts