From Trivy to LiteLLM: The Domino Effect of TeamPCP’s Attack

Inside the Mastra NPM Attack: Contagious Interviews & Poisoned Dependencies

In this episode of Bad Dependencies, host Mackenzie Jackson sits down with security researcher Charlie Eriksen to dissect a massive software supply chain attack hitting the Mastra AI ecosystem. Breaking down how an attacker compromised a maintainer's account to inject a malicious transitive dependency (easy-day-js) across over 140 packages, they explore the sophisticated social engineering tactics behind the breach. The duo also discusses critical defensive strategies—from package manager cooldown periods to upcoming NPM security changes—and warns developers about why build pipelines have become the latest critical attack surface. Chapters * 00:00 – Introduction * 00:28 – The Mastra AI Ecosystem Attack Explained * 02:18 – The Payload: Remote Access Trojans (RATs) & Crypto Stealers * 03:26 – Phishing the Maintainer: The "Microphone Trick" & North Korea * 05:45 – Reach of the Attack & Incident Response Playbook * 08:47 – Preventative Measures: Cooldown Windows & Closing the OIDC Door * 13:08 – NPM Version 12 and the End of Post-Install Scripts * 16:05 – The Next Attack Surface: GitHub Actions & Governance * 20:06 – Outro (And One Last Bad Vibe)

Google API keys keep working after you delete them - Bad Dependencies with Joe Leon

In this episode of Bad Dependencies, host Mackenzie Jackson sits down with security researcher Joe Leon to dissect a major shift in Google API key sensitivity. For years treated as benign public identifiers, these same keys became high-risk vectors following the integration of Google Gemini, allowing threat actors to rack up enormous cloud bills and access cached files. Joe reveals his startling discovery that deleting a compromised GCP API key didn't instantly revoke it, allowing it to authenticate requests for up to 23 minutes, a flaw Google initially dismissed as "expected behavior" before later prioritizing it as a critical bug.Report "Google API keys keep working after you delete them" https://www.aikido.dev/blog/google-api-keys-deletionReport: Google API Keys Weren't Secrets. But then Gemini Changed the Rules https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

GitHub Breach: Inside the Team PCP Supply Chain Breach

In this episode of Bad Dependencies, we analyze the reported leak of GitHub's source code and the sale of thousands of its repositories. We map out the chain of events leading up to the incident, including recent compromises of a Visual Studio Code extension and a PyPI package. The discussion covers the tactics of the threat actor group Team PCP, the practical limitations of rapid credential rotation at scale, and why implementing a cooldown period for dependency updates can help safeguard your development pipeline. -- This episode is sponsored by Aikido Security: Protect your developer environments from supply chain attacks with Aikido Device Security. Learn more at aikido.dev/protect/device-protection.

Shai-Hulud is Back: TanStack & Mistral AI Breach by TeamPCP Mini Worm

In this episode of Bad Dependencies, we dive into the "wormy" chaos of the latest supply chain attack hitting the JavaScript ecosystem. Join researcher Charlie Eriksen as he breaks down how the threat actor group TeamPCP compromised the widely-used TanStack ecosystem and successfully pivoted into Mistral AI. We explore the technical "perfection" of this attack: a lethal combination of pull_request_target misconfigurations, GitHub Actions cache poisoning, and OIDC signature abuse. Charlie also sheds light on a terrifying new trend, the attackers have open-sourced their worm, complete with a "dead man's switch" designed to wipe infected machines if credentials are revoked.

From Trivy to LiteLLM: The Domino Effect of TeamPCP’s Attack

In this episode of Bad Dependencies, Mackenzie and security researcher Charlie Erickson break down a fast-moving software supply chain attack led by Team PCP.Starting with the compromise of Trivy, the attackers leveraged stolen credentials to spread into ecosystems like NPM and LiteLLM, impacting widely used developer tools and AI infrastructure. The conversation explores how the attack evolved, including worm-like behavior, credential harvesting, and ransomware tactics.Charlie shares real-time insights into the attackers’ methods, motivations, and the ongoing nature of the incident, along with practical advice on mitigation such as credential rotation, dependency pinning, and securing CI/CD pipelines.