{"podcast":{"title":"Day Two DevOps","slug":"day-two-devops","podcast_index_feed_id":341814,"rss_url":"https://feeds.packetpushers.net/day2cloud/","website_url":"https://packetpushers.net/","image_url":"https://static.feedpress.com/logo/day2cloud-669fc5e024d4b.jpg","author":"Packet Pushers","episode_count":250,"summary":"Join hosts Ned Bellavance and Ethan Banks as they dive deep into the challenges of cloud operations from the perspective of seasoned practitioners. You'll hear from expert guests—technical leaders, trainers, and consultants with years of hands-on experience—discussing the nuances of modern cloud environments. From AWS to Azure, networking to security, automation to DevOps, each weekly episode equips you with the insights to confidently address tech and business challenges such as resilience, cost management, and performance. Whether you want to hone your skills today or prepare for what’s coming next, Day Two Cloud cuts through the vendor fog to guide you through a shifting IT landscape.","last_synced_at":null,"page_url":"https://stenobird.com/podcast/day-two-devops"},"episode":{"title":"D2DO300: Open Source Malware!","slug":"d2do300-open-source-malware","published_at":"2026-04-15T16:55:01+00:00","page_url":"https://stenobird.com/podcast/day-two-devops/d2do300-open-source-malware","show_page_url":"https://stenobird.com/podcast/day-two-devops","url":"https://packetpushers.net/podcasts/day-two-devops/d2do300-open-source-malware/","audio_url":"https://feeds.packetpushers.net/link/20975/17319659/D2DO300.mp3","summary":"Malware delivery has shifted from traditional phishing to the exploitation of open source ecosystems like NPM. This episode explores how malicious packages, account takeovers, and AI-driven automation are compromising the software supply chain.","meta_description":"Learn how malware is infiltrating open source packages, NPM, and AI agents, and what organizations must do to secure their software supply chain.","key_points":["Main idea: Malware delivery is moving away from human-centric phishing toward machine-centric exploits in repositories and domains","Failure mode: Relying solely on developer responsibility for security ignores the systemic need for better registry-level guardrails","Practical takeaway: Organizations must treat open source supply chain security as a corporate-wide responsibility rather than just a developer task","Risk assessment: The window for malware existence is often shorter than corporate SLAs for patching vulnerabilities, making rapid detection critical","Future threat: AI-driven tools and agent marketplaces are creating new, highly automated vectors for large-scale infiltration"],"chapters":[{"start_ms":60000,"title":"Guest Introduction","summary":"Jenn Gile discusses her background in application security and the evolution of malware trends."},{"start_ms":250000,"title":"The Shift to Open Source Malware","summary":"An analysis of how malware has moved into NPM packages, domains, and repositories."},{"start_ms":435000,"title":"Markers of Malicious Code","summary":"A look at the strange indicators, such as emojis, used in modern malware analysis."},{"start_ms":625000,"title":"NPM Package Compromises","summary":"Examining how malicious versions of core packages are uploaded to high-traffic registries."},{"start_ms":805000,"title":"The Rise of Malicious Agents","summary":"Discussing the security implications of agent marketplaces and highly permissioned AI tools."},{"start_ms":1005000,"title":"The Security Gap in AI Tools","summary":"How the rapid adoption of AI-driven coding tools introduces unvetted security risks."},{"start_ms":1190000,"title":"The Vulnerability vs. Malware Dilemma","summary":"Comparing the risks of patching vulnerabilities against the immediate threat of active malware."},{"start_ms":1365000,"title":"Systemic Supply Chain Responsibility","summary":"Why organizations must move beyond individual developer responsibility to secure the supply chain."}],"topics":["Open Source Security","NPM Malware","Software Supply Chain","AI Security","DevOps","Malware Analysis","Application Security","Threat Intelligence"],"duration_seconds":2473,"processing_state":"processed","actions":[{"name":"request_transcript","method":"POST","url":"https://stenobird.com/v1/public/podcasts/day-two-devops/episodes/d2do300-open-source-malware/transcription-requests","description":"Idempotently request low-priority transcript generation for this episode."},{"name":"read_markdown","method":"GET","url":"https://stenobird.com/podcast/day-two-devops/d2do300-open-source-malware.md","description":"Read the agent-friendly Markdown representation of this episode resource."}]}}