Blog | ReversingLabs | Paul Roberts (2)

April 1, 2024

A software supply chain meltdown: What we know about the XZ Trojan

Software tampering and social engineering were used in a months-long campaign to plant malicious code in major Linux distributions. Here's what we know.

March 18, 2024

How CISA’s secure software development attestation form falls short

Here’s what we know about the government's new software attestation form — and what needs to change to better manage modern software supply chain risk.

February 6, 2024

The Cloudflare source code breach: Lessons learned

This latest incident underscores the continuing risks to organizations posed by both third-party software and leaks of development secrets alike.

February 1, 2024

Lessons from the Mercedes-Benz GitHub source code leak

Here's what we know about the automaker's latest secrets breach — and lessons your security team can draw from it.

January 30, 2024

HPE, Microsoft breach disclosures mark new era of CISO accountability

New revelations show Russia’s SVR has stepped up cyber-espionage. They also spotlight how public companies are on the hook with the SEC’s disclosure laws.

January 16, 2024

SSCS attacks: A (partial) history

A list of known (documented, reported) attacks involving compromises of software supply chains (from latest to oldest).

November 16, 2023

Protestware taps npm to call out wars in Ukraine, Gaza

ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.

September 20, 2023

The art of security chaos engineering

What if dev and app sec teams showed the same nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why it's essential.

August 15, 2023

6 things you may have missed at Hacker Summer Camp

Black Hat, DEF CON, and BSides (Hacker Summer Camp) is known for being information-overload for cybersecurity leaders and practitioners. Here are the sessions that stand out.

August 7, 2023

8 Black Hat sessions you don’t want to miss

Black Hat USA is a showcase for top security experts and companies. Here's our short list of must-see sessions for 2023.

July 27, 2023

More malicious npm packages found in wake of JumpCloud supply chain hack

ReversingLabs researchers uncovered evidence of more malicious npm packages beyond those already disclosed — and conclude that the attack is still active.

July 17, 2023

Federal security guidance: Been there, done that

CISA and NSA issued security guidance on continuous integration/continuous delivery environments — but missed an opportunity to escalate the conversation.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

A software supply chain meltdown: What we know about the XZ Trojan

How CISA’s secure software development attestation form falls short

The Cloudflare source code breach: Lessons learned

Lessons from the Mercedes-Benz GitHub source code leak

HPE, Microsoft breach disclosures mark new era of CISO accountability

SSCS attacks: A (partial) history

Protestware taps npm to call out wars in Ukraine, Gaza

The art of security chaos engineering

6 things you may have missed at Hacker Summer Camp

8 Black Hat sessions you don’t want to miss

More malicious npm packages found in wake of JumpCloud supply chain hack

Federal security guidance: Been there, done that

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports