Dune and Gloom Under the AppSec Tree: From Shai-Hulud to React2Shell

Supply-chain vulnerabilities are getting more frequent and dangerous, with the Shai-Hulud npm worm and React2Shell RCE vulnerability being just two of the recent ones.

In this episode of AppSec Serialized, Dan Murphy and Ryan Bergquist analyze those recent threats (plus a bonus Django vulnerability) and talk about the implications of security risk shifting towards dependencies.