RL Blog
FAQ: Shai hulud explained

FAQ: The Shai-hulud npm worm attack explained

Here's what you need to know about the discovery of the first self-replicating npm worm, which compromised packages with cloud token-stealing malware.

Read More about FAQ: The Shai-hulud npm worm attack explained
FAQ: The Shai-hulud npm worm attack explained
Vulnerability management race

CVE-Genie raises stakes in the vulnerability race

While security defenders welcomed the new vulnerability-validation tool, others stress it can be just as useful for would-be attackers.

Read More about CVE-Genie raises stakes in the vulnerability race
CVE-Genie raises stakes in the vulnerability race
Shai-hulud worm DevOps

Shai-hulud attack: Don’t let worms eat DevOps

As the development community chalks up the npm worm as just another bad day, bigger questions remain about the software supply chain ecosystem.  

Read More about Shai-hulud attack: Don’t let worms eat DevOps
Shai-hulud attack: Don’t let worms eat DevOps
Deadlines and code security

Deadlines vs. secure code: How AppSec can cope

AI coding and other modern development practices mean flawed code will continue to ship. Here are key recommendations for managing software risk.

Read More about Deadlines vs. secure code: How AppSec can cope
Deadlines vs. secure code: How AppSec can cope
Checkbox security SBOM

CISA’s SBOM standards: Beyond checkbox security

The new guidance would raise the bar for software vendors, who will need to ensure the SBOMs they generate are more detailed and machine-readable.

Read More about CISA’s SBOM standards: Beyond checkbox security
CISA’s SBOM standards: Beyond checkbox security
Train your AI coding tools

How AI coding can learn to do secure software

If you train ML models, they can learn to write more secure code. But the quality of the training data is only as good as your AppSec tooling.

Read More about How AI coding can learn to do secure software
How AI coding can learn to do secure software
AICM trustworthy AI threat categories

Trustworthy AI is key: 9 key threat categories

CSA’s AI Controls Matrix can help development and AppSec teams distill priorities for securing the AI software supply chain.

Read More about Trustworthy AI is key: 9 key threat categories
Trustworthy AI is key: 9 key threat categories
Onboarding software CISA

CISA tool aims to boost security for software onboarding

The new procurement tool seeks to strengthen third-party software risk management (TPSRM). But the process is manual and cumbersome.

Read More about CISA tool aims to boost security for software onboarding
CISA tool aims to boost security for software onboarding
ActiveState-and-ReversingLabs-Blog-cover

ActiveState and RL: Unlocking Software Supply Chain Security

Learn how ActiveState and ReversingLabs integration automates secure component sourcing, secure software releases, remediation guidance, and policy enforcement.

Read More about ActiveState and RL: Unlocking Software Supply Chain Security
ActiveState and RL: Unlocking Software Supply Chain Security
Blog Ransomware 2025 Cover

Ransomware 2025: Infostealers on the March

RL’s Ransomware Feed data from the first half of the year shows a jump in early-stage threats like infostealers — and a drop in Trojans.

Read More about Ransomware 2025: Infostealers on the March
Ransomware 2025: Infostealers on the March
code and bitcoin

Crypto wallets hit in widespread npm, GitHub hack

A phishing campaign against maintainers resulted in malware distribution via Javascript in top open-source packages.

Read More about Crypto wallets hit in widespread npm, GitHub hack
Crypto wallets hit in widespread npm, GitHub hack
Domain resurrection PyPI

PyPI domain resurrection fix: Why it matters

With attacks on popular repositories on the rise, PyPI has moved to head off a common technique for duping developers. Here’s what it accomplishes — and where there’s room for improvement.

Read More about PyPI domain resurrection fix: Why it matters
PyPI domain resurrection fix: Why it matters
Ethereum smart contracts used to push malicious code on npm

Ethereum contracts push malware on npm

RL discovered how the crypto contracts were abused — and how this incident is tied to a larger campaign to promote malicious packages on top repositories.

Read More about Ethereum contracts push malware on npm
Ethereum contracts push malware on npm
AI-borne malware has arrived

The future is here: AI-assists new ransomware

ESET researchers have discovered malware that taps into OpenAI’s large language model to assist in ransomware attacks.

Read More about The future is here: AI-assists new ransomware
The future is here: AI-assists new ransomware
Loophole lets malware claim the names of discontinued VS Code extensions

Threat actors claim VS Code extension names

RL has discovered a loophole on VS Code Marketplace that allows threat actors to reuse legitimate, removed package names for malicious purposes. 

Read More about Threat actors claim VS Code extension names
Threat actors claim VS Code extension names
Previous1...91011...58Next

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Why RL Built Spectra Assure Community

Why RL Built Spectra Assure Community

We set out to help dev and AppSec teams secure the village: OSS dependencies, malware, more. Learn how.

Read More about Why RL Built Spectra Assure Community
Why RL Built Spectra Assure Community

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

The inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security is outGET THE REPORT
Skip to main content
Contact UsSupportBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
EventsBlack Hat 2026
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top