Blog | ReversingLabs | Paul Roberts

Paul Roberts

Content Lead at ReversingLabs. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cybersecurity space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cyber security has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show.

Find Paul Roberts on: Twitter LinkedIn

Recent Posts from Paul Roberts

NSA: Nation state actors aren't after your data — they want your OT

May 9, 2024

NSA: Nation state actors aren't after your data — they want your OT

APT actors are thinking beyond data theft and targeting CI. That means you need to look deeper and longer for signs of compromise, the NSA said at RSAC.

Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic

May 2, 2024

Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic

The new Data Breach Investigations Report sounds the alarm over software supply chain security — and calls for higher standards for development organizations.

XZ Trojan highlights software supply chain risk posed by 'sock puppets'

April 11, 2024

XZ Trojan highlights software supply chain risk posed by 'sock puppets'

There is no fool-proof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three key indicators.

A software supply chain meltdown: What we know about the XZ Trojan

April 1, 2024

A software supply chain meltdown: What we know about the XZ Trojan

Software tampering and social engineering were used in a months-long campaign to plant malicious code in major Linux distributions. Here's what we know.

How CISA’s secure software development attestation form falls short

March 18, 2024

How CISA’s secure software development attestation form falls short

Here’s what we know about the government's new software attestation form — and what needs to change to better manage modern software supply chain risk.

The Cloudflare source code breach: Lessons learned

February 6, 2024

The Cloudflare source code breach: Lessons learned

This latest incident underscores the continuing risks to organizations posed by both third-party software and leaks of development secrets alike.

Lessons from the Mercedes-Benz GitHub source code leak

February 1, 2024

Lessons from the Mercedes-Benz GitHub source code leak

Here's what we know about the automaker's latest secrets breach — and lessons your security team can draw from it.

HPE, Microsoft breach disclosures mark new era of CISO accountability

January 30, 2024

HPE, Microsoft breach disclosures mark new era of CISO accountability

Disclosures from Microsoft and HPE mark the confluence of two forces: stepped up cyber espionage by Russia's SVR, and tough new SEC disclosure rules.

A (partial) history of software supply chain attacks

January 16, 2024

A (partial) history of software supply chain attacks

The Sunburst hack of SolarWinds put supply chain attacks on everyone’s radar. But they aren’t new. Here’s our abbreviated history.

Protestware taps npm to call out wars in Ukraine, Gaza

November 16, 2023

Protestware taps npm to call out wars in Ukraine, Gaza

ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.

The art of security chaos engineering

September 20, 2023

The art of security chaos engineering

What if dev and app sec teams showed the same nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why it's essential.

6 things you may have missed at Hacker Summer Camp

August 15, 2023

6 things you may have missed at Hacker Summer Camp

Black Hat, DEF CON, and BSides (Hacker Summer Camp) is known for being information-overload for cybersecurity leaders and practitioners. Here are the sessions that stand out.