Threat Snapshot: Defending Against Global Supply Chain Threats

Añadido: 2026-06-03

[00:00:00]It starts with a DM. A recruiter on LinkedIn. [music] You talk shop. The opportunity seems exciting. The interview goes great. They send the technical interview. You clone the repo, open the project, and in those seconds your AWS keys are gone. Your company's crown jewels exfiltrated. North Korean threat actors have perfected this playbook. [music] Famous Chalima, Stardust, Golden. They hide their attacks inside legitimate technical work. In early 2026, CrowdStrike uncovered 56 malicious GitHub projects using this trap. No malware install required. The moment you open the folder, shell commands execute. Tokens are stolen. They pivot to your cloud from completely separate infrastructure.

[00:00:40]Developers sit at the center of identity [clears throat] and deployment.

[00:00:43]Compromise one developer, access everything. Trust is the vulnerability.

[00:00:48]The developer is the entry point. Don't let this playbook work on you. Join our webinar and learn how to stop them.