Malicious NuGet package targets Stripe
Threat actors targeted developers with a bogus package — a shift away from the recent crypto development hack focus.
Featured
Malicious NuGet package targets Stripe
Inside the NuGet hackers' toolset
RL discovered two packages containing scripts that complete a typosquatting toolchain. Here's how it worked.
How AI agents upend supply chain security
Here’s what you need to know about their impact on software security — and what you can do to fight back.
Latest
Inside the NuGet hackers' toolset
RL discovered two packages containing scripts that complete a typosquatting toolchain. Here's how it worked.
Malicious NuGet package targets Stripe
Threat actors targeted developers with a bogus package — a shift away from the recent crypto development hack focus.
How AI agents upend supply chain security
Here’s what you need to know about their impact on software security — and what you can do to fight back.
Cybercrime-as-a-service forces a security rethink
With AI-powered tools readily available, sophisticated attacks no longer require sophisticated attackers.
How to Use YARA Retrohunting for Defense
Learn how to use RL’s analysis of "pkr_mtsi" to advance your detection engineering in Spectra Analyze.
Commercial software risk: New controls required
Legacy strategies and tooling can’t manage today’s software threats. Here’s why binary analysis is necessary.
Inside the fake crypto developer recruitment hack
Here’s a more-in-depth technical analysis of the packages involved in the "graphalgo" campaign.
Fake recruiter campaign targets crypto devs
A new branch of a fake job recruitment campaign, dubbed "graphalgo," is targeting developers with a RAT.
Gartner® CISO Playbook for Commercial SSCS: 3 key insights
Here are the takeaways CISOs and other security leaders should consider for their TPCRM strategies.
Notepad++ hack: Supply chain threats evolve
A compromise of the source code editor underscores attack method diversification. It's time to go beyond trust.
Lab offers 9 ways to improve MCP security
The Vulnerable MCP Servers Lab delivers integration training, demos, and instruction on attack methods.
RL SSCS Report: A 2025 retrospective
ReversingLabs looked at last year’s Software Supply Chain Security Report in the rear-view mirror. Here’s what RL got right — and wrong.
Inside the EmEditor supply chain compromise
By combining early infrastructure detection with supply chain security controls you can give your defenders a leg up.
How AI coding is breathing new life into Rust
AI tools are making Rust a favorite language of developers — even those maintaining codebases like Microsoft’s.
RL SSCS Report 2026: A guidance timeline
Here are the guidelines, mandates, frameworks, and goals that have refined software supply chain security policy.