ReversingLabs Blog

April 21, 2023

The 3CX attack gets wilder, marks first 'cascading software supply chain compromise'

The surprising story of the supply chain hack of VoIP provider 3CX got even crazier this week. Here's what your application security team needs to know.
April 20, 2023

Companies scramble to cover software supply chain security gaps: 3 key survey takeaways

The new ReversingLabs Software Supply Chain Risk Survey found that supply chain security poses serious risk that traditional app sec tools can't address.
April 18, 2023

What’s hot at RSA Conference 2023: 6 must-see malware analysis and threat hunting talks

There is so much to take in at RSAC. Cut through the noise with our list of threat-focused talks you don't want to miss.
April 4, 2023

The 3CX attack was targeted — but the plan was broader

The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost. 
March 21, 2023

Secrets Exposed: How to mitigate risk from secrets leaks — and prevent future breaches

Software secrets are targeted by malicious actors. Here are three key steps to mitigate risk — and best practices you can take to prevent future breaches.
March 14, 2023

Secrets Exposed: How hackers are gaining access to software secrets

Here’s how attackers are finding software development secrets buried in code repositories — and exploiting them. 
February 23, 2023

Secrets Exposed: Why modern development, open source repositories spill secrets en masse

The Circle CI breach and other recent hacks expose why the secrets problem is so prolific. Learn the why in this first post in our Secrets Revealed series.
February 8, 2023

Leaky app gives researcher 'total, global control' over the Toyota supplier network

A researcher discovered a JsonWebToken flaw in a Toyota app that gave access to corporate user accounts, as well as suppliers — and even Toyota parts. 
January 26, 2023

The Week in Security: After breach, 'unusual activity' detected in GoTo and LastPass dev environments

This week: GoTo says its 2022 breach was worse than reported, also affecting LastPass. Also: A hacktivist finds FBI No Fly list on an unsecured server.
January 11, 2023

After hack, CircleCI tells devs to update secrets now

In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.
January 11, 2023

Danger: Researchers exploit gaps in connected vehicle software supply chain

Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns.
December 7, 2022

New supply chain mandates: Uncle Sam wants you (to secure your software)!

Here are the key elements of Executive Order 14028, and software supply chain security guidance from the Enduring Security Framework working group. 


The Art of Security Chaos Engineering
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: Happy Birthday, ReversingGlass
Glassboard conversations with ReversingLabs Field CISO Matt Rose