Trust Boundaries Under Attack: Lessons From npm and OAuth Supply Chain Attacks Unpacked

Binary Defense

ThreatTalk Series | Episode 7 | Part 1 of 2

Deputy CTO & Head of ARC Labs, John Dwyer, joins JP, Director of Threat Intelligence, to discuss how the path to stronger defenses begins with lessons learned from recent supply chain attacks like npm and the Salesloft OAuth attacks. These incidents are not isolated; they reveal the fragility of the inherent trust placed in open source technologies, third-party vendors, and the enterprises that depend on them. Attackers no longer need to compromise core infrastructure directly; by targeting a maintainer account or exploiting a third-party integration, they can quietly insert themselves into trusted workflows and impact hundreds of organizations at once.

For defenders, these breaches are a wake-up call: trust is not a security control, and supply chain resilience must be intentionally built. By examining how these attacks unfolded and why they succeeded, security teams can identify gaps in visibility, improve incident response playbooks, and push vendors toward stronger logging and security features. Building scalable, proactive defenses today will determine how resilient organizations are against tomorrow’s threats. In this ThreatTalk, Binary Defense experts will cover:

  • What the npm and Salesloft Attacks Really Taught Us
  • The Fragility of Our Trust In Third-party Vendors
  • The Dangers of OAuth Token Abuse, Third-party Integrations, and SaaS Applications
  • Why We Need To Think Differently to Build Stronger Defenses
  • Ways to Close Gaps and Catch Anomalies Early With AI


What is a ThreatTalk?


Powered by ARC Labs, ThreatTalks is a webinar series crafted to drive engagement and provide timely and relevant intelligence on the state of the threat landscape. Led by our seasoned experts, each session dives into our latest threat intelligence trends and effective threat-hunting strategies.
