Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore a comprehensive security conference presentation that reconstructs a sophisticated supply chain attack targeting the open-source ecosystem. Delve into the March 2025 "tj-actions" incident that initially appeared as a credential leak but revealed itself as part of a much larger, calculated campaign. Discover how attackers compromised multiple popular open-source projects months before the public disclosure, using them as stepping stones for lateral movement while maintaining an extremely low profile. Learn about the adversary's patient approach as they positioned themselves to specifically target Coinbase through weaponized open-source trust relationships. Examine the sophisticated evasion techniques employed throughout the campaign and understand how the attacker exploited the fundamental trust model that enables developers to share code and resources. Gain insights into previously undisclosed details about additional targeted projects and the full scope of this supply chain attack that demonstrates the vulnerabilities inherent in modern software development practices.
