
FAQ: The Shai-hulud npm worm attack explained
Here's what you need to know about the discovery of the first self-replicating npm worm, which compromised packages with cloud token-stealing malware.

Director of Content and Editorial at RL. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cybersecurity space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cybersecurity has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show.


A phishing campaign against maintainers resulted in malware distribution via JavaScript in top open-source packages.

Researchers at Black Hat discussed how these tools can leave development teams vulnerable to hacks like remote-code execution.

3CX has transformed its software security in the two years since a damaging compromise — and RL was there to help. Here are key takeaways.

ReversingLabs’ YARA detection rule for Conti can help you detect this ransomware in your environment. We provide tools and information that you can use to spot Conti at work.

RL researchers detected two Python libraries that are designed to steal sensitive data while posing as fixes for a popular cryptocurrency library.

Instances of malware on open-source software repositories dropped in 2024 — but OSS risk is on the rise. Here’s what you need to know.

While open-source risks are not going away, attack trends show third-party commercial software presents the greatest risk to the enterprise.

Four firms have been fined for playing down how the SolarWinds attack impacted them. It’s part of a government push for greater supply chain transparency.