Blog | ReversingLabs | Paul Roberts

Paul Roberts

Content Lead at ReversingLabs. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cybersecurity space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cyber security has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show.

Find Paul Roberts on: Twitter LinkedIn

Recent Posts from Paul Roberts

XZ Trojan highlights software supply chain risk posed by 'sock puppets'

April 11, 2024

XZ Trojan highlights software supply chain risk posed by 'sock puppets'

There is no fool-proof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three key indicators.

A software supply chain meltdown: What we know about the XZ Trojan

April 1, 2024

A software supply chain meltdown: What we know about the XZ Trojan

Software tampering and social engineering were used in a months-long campaign to plant malicious code in major Linux distributions. Here's what we know.

How CISA’s secure software development attestation form falls short

March 18, 2024

How CISA’s secure software development attestation form falls short

Here’s what we know about the government's new software attestation form — and what needs to change to better manage modern software supply chain risk.

The Cloudflare source code breach: Lessons learned

February 6, 2024

The Cloudflare source code breach: Lessons learned

This latest incident underscores the continuing risks to organizations posed by both third-party software and leaks of development secrets alike.

Lessons from the Mercedes-Benz GitHub source code leak

February 1, 2024

Lessons from the Mercedes-Benz GitHub source code leak

Here's what we know about the automaker's latest secrets breach — and lessons your security team can draw from it.

HPE, Microsoft breach disclosures mark new era of CISO accountability

January 30, 2024

HPE, Microsoft breach disclosures mark new era of CISO accountability

Disclosures from Microsoft and HPE mark the confluence of two forces: stepped up cyber espionage by Russia's SVR, and tough new SEC disclosure rules.

A (partial) history of software supply chain attacks

January 16, 2024

A (partial) history of software supply chain attacks

The Sunburst hack of SolarWinds put supply chain attacks on everyone’s radar. But they aren’t new. Here’s our abbreviated history.

Protestware taps npm to call out wars in Ukraine, Gaza

November 16, 2023

Protestware taps npm to call out wars in Ukraine, Gaza

ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.

The art of security chaos engineering

September 20, 2023

The art of security chaos engineering

What if dev and app sec teams showed the same nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why it's essential.

6 things you may have missed at Hacker Summer Camp

August 15, 2023

6 things you may have missed at Hacker Summer Camp

Black Hat, DEF CON, and BSides (Hacker Summer Camp) is known for being information-overload for cybersecurity leaders and practitioners. Here are the sessions that stand out.

8 Black Hat sessions you don’t want to miss

August 7, 2023

8 Black Hat sessions you don’t want to miss

Black Hat USA is a showcase for top security experts and companies. Here's our short list of must-see sessions for 2023.

More malicious npm packages found in wake of JumpCloud supply chain hack

July 27, 2023

More malicious npm packages found in wake of JumpCloud supply chain hack

ReversingLabs researchers uncovered evidence of more malicious npm packages beyond those already disclosed — and conclude that the attack is still active.

Latest Blog Posts

Chinese APT Group Exploits SOHO Routers

Chinese APT Group Exploits SOHO Routers

Conversations About Threat Hunting and Software Supply Chain Security

Reproducible Builds: Graduate Your Software Supply Chain Security

Reproducible Builds: Graduate Your Software Supply Chain Security

Glassboard conversations with ReversingLabs Field CISO Matt Rose

Software Package Deconstruction: Video Conferencing Software

Software Package Deconstruction: Video Conferencing Software

Analyzing Risks To Your Software Supply Chain