From Typosquatting to Infrastructure Poisoning

In 2026, Python supply chain security has moved beyond misspelled package names to become an infrastructure battlefield. This talk analyzes the technical transition from simple typosquatting attacks to sophisticated poisoning of CI/CD tools and runtime environments. We'll explore recent real cases such as the TeamPCP campaign and the Aqua Security Trivy compromise, and analyze persistence through .pth files, which the interpreter's site.py processes at every start-up so that malicious code runs without an explicit import. Finally, we'll present the roadmap for modern defense: from Sigstore and PEP 740 attestations to compliance with the Cyber Resilience Act (CRA).
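The .pth persistence mechanism the abstract mentions is plain documented interpreter behaviour: site.py reads every *.pth file in each site directory at start-up, treats lines beginning with "import " (or "import" followed by a tab) as code to exec(), and treats every other non-comment line as a sys.path entry. The script below is an added example written for this page, not material from the talk or the speakers; it triages the .pth files of the running interpreter for executable lines. The sample .pth body and the token list in `_SUSPICIOUS` are constructed assumptions, not a signature set from any of the named campaigns.

```python
"""
Added example (not from the talk): find .pth files that execute code at
interpreter start-up.

site.py processes every *.pth file in each site directory when the
interpreter starts. A line that begins with "import " (or "import\\t") is
passed to exec(); every other non-comment line is appended to sys.path.
A package that drops such a file therefore runs code in every Python
process of that environment without ever being imported.
"""
import re
import site
from pathlib import Path

# Editable installs write a bare "import <module>" line. Setuptools'
# distutils-precedence.pth is a known benign exception that carries a
# one-line program and will be flagged below, so treat hits as a triage
# list and compare each file against the RECORD of the distribution that
# claims to have installed it.
_PLAIN_IMPORT = re.compile(
    r"^import[ \t]+[A-Za-z_][\w.]*([ \t]*,[ \t]*[A-Za-z_][\w.]*)*[ \t]*$"
)
# Tokens typical of inline payloads. This list is an assumption of the
# example, not an exhaustive or campaign-specific signature set.
_SUSPICIOUS = re.compile(
    r";|exec\(|eval\(|__import__|compile\(|marshal|base64|os\.system|"
    r"subprocess|socket|urllib|requests"
)


def classify_pth_lines(text):
    """Return [(lineno, verdict, line)] for every executable line in a .pth body.

    verdict is one of:
      "import"     - bare module import (still runs that module's top level,
                     so the named module deserves a look of its own)
      "suspicious" - import line carrying an inline payload pattern
      "code"       - import line that is more than a bare import but matched
                     no listed pattern
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        if not line.startswith(("import ", "import\t")):
            continue  # sys.path entry: added to the path, never executed
        if _PLAIN_IMPORT.match(line):
            verdict = "import"
        elif _SUSPICIOUS.search(line):
            verdict = "suspicious"
        else:
            verdict = "code"
        findings.append((lineno, verdict, line))
    return findings


def scan_site_dirs(dirs=None):
    """Scan *.pth files in the given directories (default: this interpreter's
    site directories). Returns {path: findings} for files with executable lines."""
    if dirs is None:
        dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    results = {}
    for d in dirs:
        base = Path(d)
        if not base.is_dir():
            continue
        for pth in sorted(base.glob("*.pth")):
            findings = classify_pth_lines(pth.read_text(errors="replace"))
            if findings:
                results[str(pth)] = findings
    return results


# Constructed sample .pth body: a benign editable-install file followed by
# the persistence pattern the talk describes. The payload here only prints,
# and this script never executes it; it is parsed only.
SAMPLE_PTH = """\
# editable install (benign)
/home/user/src/mypkg
import _mypkg_editable_finder

# persistence pattern: the whole line is exec()'d by site.py at start-up
import os,sys;exec("print('runs in every interpreter of this env')")
"""

if __name__ == "__main__":
    for path, findings in scan_site_dirs().items():
        for lineno, verdict, line in findings:
            print(f"{path}:{lineno}: [{verdict}] {line}")
```

Run it inside the environment you are checking (the virtualenv of a CI job, a container image's system Python), since `site.getsitepackages()` reports only the directories of the interpreter that runs it. A clean environment typically yields nothing beyond editable-install finders and, where setuptools is present, its distutils-precedence.pth.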

Want to know more?

Join the PyCon Colombia newsletter for a complete overview of our events, speakers and community participation.