Software supply chain attacks can be catastrophic, as seen with the 2020 SolarWinds hack that impacted both the government and private sectors in the United States.Security researchers have identified that all significant package managers are vulnerable to supply chain attacks, such as typosquatting and dependency confusion. NuGet's default configuration makes it vulnerable by design.This session will first demonstrate how typosquatting and dependency confusion attacks can compromise .NET supply chains using the default NuGet setup. Then, we will explore effective strategies to secure your NuGet configuration and protect against these threats.