DiscoverData Security DecodedThe Hidden Risk in Your Stack
The Hidden Risk in Your Stack

The Hidden Risk in Your Stack

Update: 2025-12-16
Share

Description

In this episode of Data Security Decoded, host Caleb Tolin sits down with Hayden Smith, CEO of Hunted Labs, as he breaks down how software supply chain attacks really work, why open source dependencies create unseen exposure, and what modern threat actors are doing to exploit trust at scale. Caleb and Hayden dive deep into real-world attacks, emerging TTPs, AI-powered threat hunting, and what organizations must do today to keep pace. Listeners walk away with a clear picture of the problem—and a practical blueprint for reducing supply chain risk.



What You’ll Learn 




  • How modern attackers infiltrate open source ecosystems through fake accounts and counterfeit package contributions.




  • Why dependency chains dramatically amplify both exposure and attacker leverage.




  • How to use threat intelligence and threat hunting to proactively evaluate upstream packages before adoption.




  • Where AI-powered code analysis is changing the ability to discover hidden vulnerabilities and suspicious patterns.




  • Why dependency pinning, SBOM discipline, and continuous monitoring now define a strong supply chain posture.




    Episode Highlights


    00:00 — Welcome + Why Software Supply Chain Risk Matters


    02:00 — Hayden’s Non-Cyber Passion + Framing Today’s Topic


    03:00 — Why Open Source Powers Everything—and Why That Creates Exposure


    06:00 — The Real Attack Vector: Contribution as Initial Access


    08:00 — Inside the Indonesian “Fake Package” Campaign


    10:30 — How to Evaluate Code + Contributor Identity Together


    12:00 — Threat Hunting and AI-Enabled Code Interrogation


    15:00 — The Challenge of Undisclosed Vulnerabilities in Widely Used Components


    16:30 — How Recovery Works When Malware Is Already in Your Stack


    19:00 — Continuous Monitoring as the Foundation of Modern Supply Chain Security


    22:00 — Pinning, Maintainer Analysis, and Code Interrogation Best Practices


    24:00 — Where to Learn More About Hunted Labs




    Episode Resources




Comments 
In Channel
The Hidden Risk in Your Stack

The Hidden Risk in Your Stack

2025-12-1627:12

Top CISO Priorities and Global Digital Trust with Morgan Adamski

Top CISO Priorities and Global Digital Trust with Morgan Adamski

2025-12-0223:46

Agentic AI and Identity Sprawl

Agentic AI and Identity Sprawl

2025-11-1824:38

Secure by Design, Secure by Default, Secure by Demand

Secure by Design, Secure by Default, Secure by Demand

2025-11-0426:22

Three Threats Reshaping Financial Services: Identity, Supply Chain, and AI

Three Threats Reshaping Financial Services: Identity, Supply Chain, and AI

2025-10-1427:26

Scattered Spider: the Evolution of Identity-Based Ransomware

Scattered Spider: the Evolution of Identity-Based Ransomware

2025-09-2313:44

Five-Year Plans, Forever Wars: China's Blueprint for Cyber Dominance

Five-Year Plans, Forever Wars: China's Blueprint for Cyber Dominance

2025-08-2629:34

Breaking the Intelligence-Defense Divide with Scott Scher

Breaking the Intelligence-Defense Divide with Scott Scher

2025-08-1325:51

The Geopolitical Security Playbook: When Nations Clash in Cyberspace

The Geopolitical Security Playbook: When Nations Clash in Cyberspace

2025-07-3124:45

HIPAA 2.0, Minimum Viable Hospitals, and Strategies for Cyber Resilience within Healthcare

HIPAA 2.0, Minimum Viable Hospitals, and Strategies for Cyber Resilience within Healthcare

2025-07-1522:17

Securing the Software Supply Chain

Securing the Software Supply Chain

2025-06-2417:08

AI-Driven Cyber Defense in Action: How AI Agents Are Saving SOC Analysts From Burnout

AI-Driven Cyber Defense in Action: How AI Agents Are Saving SOC Analysts From Burnout

2025-06-0424:24

Making Generative AI Transparent

Making Generative AI Transparent

2025-05-2032:14

The State of Data Security: A Distributed Crisis

The State of Data Security: A Distributed Crisis

2025-04-2229:57

Data Weaponization: How Cyber Attacks Impact the Vulnerable

Data Weaponization: How Cyber Attacks Impact the Vulnerable

2025-04-0822:38

Civilian Cyber Corps: Protecting Underfunded Organizations

Civilian Cyber Corps: Protecting Underfunded Organizations

2025-03-2731:39

How to Effectively Train Your Employees on Cybersecurity

How to Effectively Train Your Employees on Cybersecurity

2025-03-1829:03

Regulatory Readiness and Resilience with Kris Lovejoy, Global Security and Resilience Practice Leader at Kyndryl

Regulatory Readiness and Resilience with Kris Lovejoy, Global Security and Resilience Practice Leader at Kyndryl

2025-01-2132:55

Bridging Cyber Policy Gaps for Rural and Underserved Communities with Nicole Tisdale

Bridging Cyber Policy Gaps for Rural and Underserved Communities with Nicole Tisdale

2025-01-0701:02:48

Bridging the Gap Between IT and Security with Marcela Escobar-Alava and Joe Stenaka, CIO and CISO of the U.S. Social Security Administration

Bridging the Gap Between IT and Security with Marcela Escobar-Alava and Joe Stenaka, CIO and CISO of the U.S. Social Security Administration

2024-12-1836:24

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

The Hidden Risk in Your Stack

The Hidden Risk in Your Stack

Rubrik