
Device code phishing bypasses password stealing
The Microsoft 365 phishing campaign persuades victims to complete a real authentication process that authorizes an attacker-controlled device.

Robert Simmons is Principal Malware Researcher at ReversingLabs. With expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences, including DEFCON, HOPE, botconf, and DerbyCon, among others.


RL has documented CVE-2026-46316, and developed two YARA rules to help detect exploits of the multi-tenant cloud vulnerability.

Analyzing C2 responses from compromised GitHub Actions linked a current threat to an earlier one, showing the value of retrohunting.

By combining early infrastructure detection with supply chain security controls you can give your defenders a leg up.

This RL Researcher’s Notebook highlights the packer’s evolution — and offers a YARA rule to detect all versions.

RL's analysis of an STD Group-operated RAT yielded file indicators to better detect the malware and two YARA rules.

ReversingLabs researchers discovered more than 60 GitHub repositories that contain hundreds of trojanized files.

Quantum, once a popular ransomware gang, is no longer an active threat. However, ReversingLabs researchers created detection rules for a debugger evasion recently added to the Malware Behavior Catalog as Exception Flooding.