Blog | ReversingLabs | Carolynn van Arsdale (6)

April 10, 2023

What went wrong with the 3CX software supply chain attack — and how it could have been prevented

Expert breaks down the 3CX software supply chain incident, and explains how app sec tools are evolving to detect and prevent such attacks.

April 6, 2023

The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized

This week: Research connects the rise of AI tools and an increase in social engineering attacks. Also: A stolen credentials site is seized by the FBI.

March 30, 2023

The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

This week: GitHub is issued a subpoena by Twitter over leaked source code. Also: 3CX software supply chain attack leaves millions at risk.

March 24, 2023

From the Labs: YARA Rule for Detecting NB65

ReversingLabs YARA detection rule for NB65 can help you find this ransomware in your environment.

March 23, 2023

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

This week: NuGet is hit with a malicious typosquatting campaign. Also: A malicious ChatGPT Chrome extension is hijacking Facebook accounts.

March 16, 2023

The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware

A Russian-speaking threat actor has breached several European organizations. Also: AI-created videos on YouTube are spreading infostealer malware.

March 9, 2023

The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up

North Korean-linked hacking group Lazarus attacked the same South Korean financial entity twice in 2022. Also: The number of hard-coded secrets is way up.

March 2, 2023

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

New details expose that the recent hack on LastPass was worse than previously thought. Also: CISA has called for for software makers who develop insecure software to be held liable.

February 27, 2023

Lessons learned from the CircleCI secrets breach

The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned.

February 23, 2023

The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm

A misconfiguration likely caused a U.S. government server to leak sensitive military emails, and a massive phishing spam campaign has taken over npm.

February 16, 2023

The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess

This week: Russian-linked PIPEDREAM malware targeted critical infrastructure. Also: 400 malicious packages found on PyPI demonstrates attacker prowess.

February 14, 2023

Software composition analysis and the evolution of application security

Here are key takeaways from The Software Composition Analysis Landscape, Q1 2023 report — and how app sec is evolving to adapt to supply chain threats

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

What went wrong with the 3CX software supply chain attack — and how it could have been prevented

The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized

The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

From the Labs: YARA Rule for Detecting NB65

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware

The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

Lessons learned from the CircleCI secrets breach

The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm

The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess

Software composition analysis and the evolution of application security

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports