Blog | ReversingLabs | Paul Roberts (2)

February 6, 2024

The Cloudflare source code breach: Lessons learned

This latest incident underscores the continuing risks to organizations posed by both third-party software and leaks of development secrets alike.

February 1, 2024

Lessons from the Mercedes-Benz GitHub source code leak

Here's what we know about the automaker's latest secrets breach — and lessons your security team can draw from it.

January 30, 2024

HPE, Microsoft breach disclosures mark new era of CISO accountability

New revelations show Russia’s SVR has stepped up cyber-espionage. They also spotlight how public companies are on the hook with the SEC’s disclosure laws.

January 16, 2024

Software supply chain attacks: A (partial) history

A list of known (documented, reported) attacks involving compromises of software supply chains (from latest to oldest).

November 16, 2023

Protestware taps npm to call out wars in Ukraine, Gaza

ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.

September 20, 2023

The art of security chaos engineering

What if dev and app sec teams showed the same nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why it's essential.

August 15, 2023

6 things you may have missed at Hacker Summer Camp

Black Hat, DEF CON, and BSides (Hacker Summer Camp) is known for being information-overload for cybersecurity leaders and practitioners. Here are the sessions that stand out.

August 7, 2023

8 Black Hat sessions you don’t want to miss

Black Hat USA is a showcase for top security experts and companies. Here's our short list of must-see sessions for 2023.

July 27, 2023

More malicious npm packages found in wake of JumpCloud supply chain hack

ReversingLabs researchers uncovered evidence of more malicious npm packages beyond those already disclosed — and conclude that the attack is still active.

July 17, 2023

Federal security guidance: Been there, done that

CISA and NSA issued security guidance on continuous integration/continuous delivery environments — but missed an opportunity to escalate the conversation.

June 15, 2023

CISA SBOM-a-rama tackles challenges: 5 key takeaways

The challenges — and also the promise — of software bills of materials were on display Wednesday as CISA hosted SBOM-a-rama. Here are five key takeaways.

June 12, 2023

Self-attestation on software security: What development teams need to know

Software vendors who do business with the federal government now have to prove they are practicing basic supply chain security. Here are the requirements.

Special Reports

The 2025 Software Supply Chain Security Report

Software supply chain attacks are an increasingly popular tool for malicious actors — including cybercriminal groups and nation-state hackers. And the rapid embrace of AI and machine learning (ML) by both enterprises and software producers is introducing new supply chain risks to those organizations.

March 12, 2025

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

The Cloudflare source code breach: Lessons learned

Lessons from the Mercedes-Benz GitHub source code leak

HPE, Microsoft breach disclosures mark new era of CISO accountability

Software supply chain attacks: A (partial) history

Protestware taps npm to call out wars in Ukraine, Gaza

The art of security chaos engineering

6 things you may have missed at Hacker Summer Camp

8 Black Hat sessions you don’t want to miss

More malicious npm packages found in wake of JumpCloud supply chain hack

Federal security guidance: Been there, done that

CISA SBOM-a-rama tackles challenges: 5 key takeaways

Self-attestation on software security: What development teams need to know

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports