
Malware found in Solana npm library raises the bar for crypto security
Two recent versions of the Solana web3.js open source library were infected with code to steal private keys, putting crypto platforms and wallets at risk.

Paul Roberts is Director of Content and Editorial at RL. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cybersecurity space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cyber security has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show.

Researcher Alon Leviev warns that the Microsoft Windows compromise posed risks that were structural — stretching well beyond the specific flaws.
In a new ConversingLabs podcast, the independent security researcher talks about his early entry into the field — and his latest connected-car research.

Leaders from the private sector and government called for a rethink of outdated security tools and practices in an age of API-driven services and AI.

The state of supply chain security is broken, and that leaves Black Hat attendees with a sense of urgency — and lots to discuss. Here are two main themes.

In his “State of the Hack” session at RSA Conference, NSA’s David Luber said attackers are thinking beyond data theft and targeting operational technology. That's why your team needs to look deeper and longer for signs of compromise.

The new Data Breach Investigations Report sounds the alarm over software supply chain security — and calls for higher standards for development organizations.

There is no foolproof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three.

Software tampering and social engineering were used in a months-long campaign to plant malicious code in major Linux distributions. Here's what we know.