Supply Chain Attacks: How One Update Hit OpenAI episode artwork

EPISODE · Jun 12, 2026 · 8 MIN

Supply Chain Attacks: How One Update Hit OpenAI

from Plaintext with Rich · host Rich Greene

A routine software update. No phishing. No sketchy download. Then a security team finds the unthinkable: trusted code has been hijacked, and the breach rode in through the exact channels engineers rely on every day. I walk through the supply chain attacks that piled up across April and May 2026, including poisoned open source packages tied to TanStack and trojanized Daemon Tools installers, plus the rapid-fire abuse of major software registries like NPM, PyPI, and Docker Hub. The most important twist is what the malware is hunting. These campaigns aren’t primarily chasing customer data. They’re after the assets sitting on developer laptops and flowing through build servers: developer credentials, API keys, cloud tokens, SSH keys, and the permissions that turn “one compromised machine” into “access everywhere.” I explain why this shift is happening now through two lenses: trust (software is assembled, not written from scratch) and leverage (compromise one popular dependency and you reach everyone who installs it). Then we get practical about software supply chain security and CI/CD security. I break down how a poisoned pipeline can still output packages that look legitimate, complete with valid signatures, and why that makes detection so hard. Finally, I lay out five moves you can take right now: build an SBOM, treat CI/CD like production, watch for suspicious dependency changes and too-fresh releases, rotate to short-lived scoped secrets, and patch known-bad tool versions quickly. Subscribe, share this with a developer or leader who approves tooling, and leave a review so more teams stop trusting updates on autopilot.Is there a topic/term you want me to discuss next? Text me!!YouTube more your speed? → https://links.sith2.com/YouTube  Apple Podcasts your usual stop? → https://links.sith2.com/Apple  Neither of those? Spotify’s over here → https://links.sith2.com/Spotify  Prefer reading quietly at your own pace? → https://links.sith2.com/Blog  Join us in The Cyber Sanctuary (no robes required) → https://links.sith2.com/Discord  Follow the human behind the microphone → https://links.sith2.com/linkedin  Need another way to reach me? That’s here → https://linktr.ee/rich.greene

A routine software update. No phishing. No sketchy download. Then a security team finds the unthinkable: trusted code has been hijacked, and the breach rode in through the exact channels engineers rely on every day. I walk through the supply chain attacks that piled up across April and May 2026, including poisoned open source packages tied to TanStack and trojanized Daemon Tools installers, plus the rapid-fire abuse of major software registries like NPM, PyPI, and Docker Hub. The most ...

NOW PLAYING

Supply Chain Attacks: How One Update Hit OpenAI

0:00 8:45

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

MG Show MG Show The MG Show, hosted by Jeffrey Pedersen and Shannon Townsend, is a leading alternative media platform dedicated to uncovering the truth behind today’s most pressing political issues. Launched in 2019, the show has grown exponentially, offering unfiltered insights, comprehensive research, and real-time analysis. With a commitment to independent journalism and factual integrity, the MG Show empowers its audience with knowledge and encourages active participation in the political discourse. French Your Way Jessica: Native French teacher founder of French Your Way Boost your French listening skills and test your comprehension with this one of a kind series of podcasts. Get the chance to listen to a real conversation between native speakers talking at normal speed AND customise your learning experience through carefully designed sets of questions (2 levels of difficulty) available for download at www.frenchvoicespodcast.com. All interviews also come with the transcript. French teacher Jessica interviews native speakers of French from around the world who share a bit of their life and passion. Where else would you meet in one same place a French yoga teacher based in Melbourne, a soap manufacturer from Provence, or a couple cycling around the world? That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting!

Frequently Asked Questions

How long is this episode of Plaintext with Rich?

This episode is 8 minutes long.

When was this Plaintext with Rich episode published?

This episode was published on June 12, 2026.

What is this episode about?

A routine software update. No phishing. No sketchy download. Then a security team finds the unthinkable: trusted code has been hijacked, and the breach rode in through the exact channels engineers rely on every day. I walk through the supply chain...

Can I download this Plaintext with Rich episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!