That free tool at the top of your Google search results might not be what it claims to be.
Cybersecurity researchers have flagged a large-scale operation impersonating legitimate open source and freeware projects — using fake sites that rank well on Google to push malware families like Stealers, Clippers, and Session hijackers through traffic distribution systems. The scary part? They look completely real.
In this segment of The Audit, co-hosts Joshua J. Schmidt, Eric Brown, and Nick Mellum break down what's actually happening inside these supply chain attacks — and why the bigger problem isn't just the malicious sites. It's the lack of pipeline discipline inside the organizations downloading from them.
From developers copy-pasting third-party code into enterprise GitHub repos, to the DevSecOps gap most organizations haven't closed, the crew gets real about why third-party supply chain risk doesn't get the same attention as phishing — even though the blast radius can be just as catastrophic.
// Full Audio Podcast //
🔗 Apple Podcasts: https://tinyurl.com/3bjh5c3p
🔗 Spotify: https://tinyurl.com/2hbkpjr9
// Learn More About IT Audit Labs //
🔗 IT Audit Labs on LinkedIn: /it-audit-labs
🔗 IT Audit Labs Official Website: https://www.itauditlabs.com/
If your developers are pulling in third-party code without a security review process, this episode is the conversation you need to have with your team. Like, subscribe, and share with your DevSecOps crew.
#cybersecurity #supplychainattack #opensource #malware #devsecops #thirpartyrisks #infosec #softwaresupplychain #veracode #theauditpodcast #ITauditlabs
In questa pagina del sito puoi guardare il video online DevSecOps or Dev-Reck-Ops? Third-Party Code Risk della durata di ore minuti seconda in buona qualità , che l'utente ha caricato IT Audit Labs - Cybersecurity Media 19 giugno 2026, condividi il link con amici e conoscenti, su youtube questo video è già stato visto 14 volte e gli è piaciuto 0 spettatori. Buona visione!