RL Blog
Device code phishing

Device code phishing bypasses password stealing

The Microsoft 365 phishing campaign persuades victims to complete a real authentication process that authorizes an attacker-controlled device.

Read More about Device code phishing bypasses password stealing
Device code phishing bypasses password stealing
Cloud security ITScape

How to defend ARM64 cloud infrastructure from ITScape

RL has documented CVE-2026-46316, and developed two YARA rules to help detect exploits of the multi-tenant cloud vulnerability.

Read More about How to defend ARM64 cloud infrastructure from ITScape
How to defend ARM64 cloud infrastructure from ITScape
MCP is the new API

MCP security tracks API's playbook — we know how that ends

The standard connecting AI agents to tools and data leaves security to others. Make it a do-over.

Read More about MCP security tracks API's playbook — we know how that ends
MCP security tracks API's playbook — we know how that ends
SecOps and AI

Working with agentic AI: A SecOps survival guide

Agentic AI will disrupt how SOC teams are built — and the way CISOs hire. Here’s how to embrace AI.

Read More about Working with agentic AI: A SecOps survival guide
Working with agentic AI: A SecOps survival guide
Social Engineering Attacks Target One Tutorial at a Time

Phishing attacks leverage TikTok, Instagram Reels

RL has discovered two social engineering attack techniques targeting users via short-form videos. Here’s how they work.

Read More about Phishing attacks leverage TikTok, Instagram Reels
Phishing attacks leverage TikTok, Instagram Reels
Thousands of developer projects compromised in npm hack

How 56 npm packages used binding.gyp to steal secrets

The attack is notable for its breadth, flooding npm with malicious package versions.

Read More about How 56 npm packages used binding.gyp to steal secrets
How 56 npm packages used binding.gyp to steal secrets
CVE Lite CLI

Dependency remediation bolstered with CVE Lite CLI

OWASP's new dependency scanner gives developers actionable fixes. But supply chain attacks aren’t yet CVEs.

Read More about Dependency remediation bolstered with CVE Lite CLI
Dependency remediation bolstered with CVE Lite CLI
Out front in race

Get ahead of frontier AI: 5 AppSec strategy upgrades

Frontier AI is collapsing the time from vulnerability discovery to exploit. Here are 5 ways to update your AppSec before it hits.

Read More about Get ahead of frontier AI: 5 AppSec strategy upgrades
Get ahead of frontier AI: 5 AppSec strategy upgrades
Noise to signal

CVE noise drowns out supply chain threats

48,000 CVEs were reported in 2025 — but just 58 were critical. A new report highlights why signal-to-noise ratio matters for AppSec.

Read More about CVE noise drowns out supply chain threats
CVE noise drowns out supply chain threats
three men sitting in front of monitors

31 Red Hat npm packages backdoored in 72 seconds

RL has discovered a new supply chain attack affecting 9.8M total downloads across Red Hat's Hybrid Cloud Console JavaScript ecosystem.

Read More about 31 Red Hat npm packages backdoored in 72 seconds
31 Red Hat npm packages backdoored in 72 seconds
2026-06-18_Forrester & RL Upcoming Webinar

Forrester Names RL in Agentic Development Security Market

The new landscape report maps 35 vendors addressing an emerging category of risk: AI agents writing insecure code at machine speed.

Read More about Forrester Names RL in Agentic Development Security Market
Forrester Names RL in Agentic Development Security Market
Shift lanes

5 lessons from vulnerability management's front lines

VM success is determined by findings reaching developers with context — which is getting more challenging. Here's why to shift gears.

Read More about 5 lessons from vulnerability management's front lines
5 lessons from vulnerability management's front lines
Ransomware

Dependency attack takes down ed-tech platform at scale

The Canvas LMS supply chain compromise — which hit during finals week — shows the impact of cascading attacks.

Read More about Dependency attack takes down ed-tech platform at scale
Dependency attack takes down ed-tech platform at scale
Hunting Megalodon Fossils

Researcher's Notebook: Hunting Megalodon Fossils

Analyzing C2 responses from compromised GitHub Actions linked a current threat to an earlier one, showing the value of retrohunting.

Read More about Researcher's Notebook: Hunting Megalodon Fossils
Researcher's Notebook: Hunting Megalodon Fossils
Developer in action

GitHub breach: The development ecosystem is in the hot seat

This TeamPCP attack is a serious wakeup call about software supply chain security — and the problems with implicit trust.

Read More about GitHub breach: The development ecosystem is in the hot seat
GitHub breach: The development ecosystem is in the hot seat
123...57Next

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Why RL Built Spectra Assure Community

Why RL Built Spectra Assure Community

We set out to help dev and AppSec teams secure the village: OSS dependencies, malware, more. Learn how.

Read More about Why RL Built Spectra Assure Community
Why RL Built Spectra Assure Community

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

ReversingLabs: The More Powerful, Cost-Effective Alternative to VirusTotalSee Why
Skip to main content
Contact UsSupportBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
Events
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top