FAQ: The Shai-hulud npm worm attack explained
Here's what you need to know about the discovery of the first self-replicating npm worm, which compromised packages with cloud token-stealing malware.
Paul Roberts
Director of Content and Editorial at RL. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cybersecurity space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cyber security has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show.
Posts from Paul Roberts
FAQ: The Shai-hulud npm worm attack explained
Crypto wallets hit in widespread npm, GitHub hack
A phishing campaign against maintainers resulted in malware distribution via Javascript in top open-source packages.
AI coding tools revive old-school hacks
Researchers at Black Hat discussed how these tools can leave development teams vulnerable to hacks like remote-code execution.
3CX’s Software Supply Chain Compromise: Lessons Learned
3CX has transformed its software security in the two years since a damaging compromise — and RL was there to help. Here are key takeaways.
From the Labs: YARA Rule for Detecting Conti
ReversingLabs’ YARA detection rule for Conti can help you detect this ransomware in your environment. We provide tools and information that you can use to spot CONTI at work in your environment.
Malicious Python packages target popular Bitcoin library
RL researchers detected two Python libraries that are designed to steal sensitive data while posing as fixes for a popular cryptocurrency library.
Less malware, more risk: The changing face of open-source security
Instances of malware on open-source software repositories dropped in 2024 — but OSS risk is on the rise. Here’s what you need to know.
Hidden threats lurk in commercial software: How to manage risk
While open-source risks are not going away, attack trends show third-party commercial software presents the greatest risk to the enterprise.
SEC action raises the bar on software transparency
Four firms have been fined for playing down how the SolarWinds attack impacted them. It’s part of a government push for greater supply chain transparency.