Blog | ReversingLabs (16)

April 3, 2024

Malicious helpers: VS Code Extensions observed stealing sensitive information

Two newly discovered extensions on the VS Code Marketplace are designed to steal sensitive information, showing that open source attacks are expanding.

April 2, 2024

To better manage risk, make your software bills of materials actionable

Software complexity is growing — making SBOMs a necessity. But they need to be actionable to manage risk. Here's how to put them to work.

April 1, 2024

A software supply chain meltdown: What we know about the XZ Trojan

Software tampering and social engineering were used in a months-long campaign to plant malicious code in major Linux distributions. Here's what we know.

March 27, 2024

30 SSCS statistics that matter for software security teams

Understand the state of software supply chain security with key takeaways from recent research and surveys of application security and development pros.

March 26, 2024

Suspicious NuGet package grabs data from industrial systems

Espionage has long been a driver for malicious cyber campaigns. Here's what the RL research team knows about the suspicious SqzrFramework480 campaign.

March 21, 2024

Memory-safe languages and security by design: Key insights, lessons learned

Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.

March 20, 2024

7 ways to put your code on a diet — and improve AppSec in the process

Code bloat is at the root of many security problems. Here's how development teams can bolster application security with more efficient code.

March 18, 2024

How CISA’s secure software development attestation form falls short

Here’s what we know about the government's new software attestation form — and what needs to change to better manage modern software supply chain risk.

March 13, 2024

Gartner outlines top cybersecurity trends — and (spoiler alert) AI is No. 1

Here's a rundown of the top cybersecurity trends of this year — and what your team needs to know about them. AI, for one, has pros and cons for security.

March 12, 2024

BIPClip: Malicious PyPI packages target crypto wallet recovery passwords

RL has discovered a campaign using malicious PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases used for crypto wallet recovery.

March 11, 2024

SBOMs and medical devices: An essential step — but no security cureall

The FDA now requires medical device manufacturers to produce a software bill of materials to ensure supply chain security. Here’s what you need to know.

March 7, 2024

Bad Actors are Going to School on Sandboxes: Here's What to Do About It!

AI-driven static binary analysis is your secret weapon to leap ahead of advanced threats.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Malicious helpers: VS Code Extensions observed stealing sensitive information

To better manage risk, make your software bills of materials actionable

A software supply chain meltdown: What we know about the XZ Trojan

30 SSCS statistics that matter for software security teams

Suspicious NuGet package grabs data from industrial systems

Memory-safe languages and security by design: Key insights, lessons learned

7 ways to put your code on a diet — and improve AppSec in the process

How CISA’s secure software development attestation form falls short

Gartner outlines top cybersecurity trends — and (spoiler alert) AI is No. 1

BIPClip: Malicious PyPI packages target crypto wallet recovery passwords

SBOMs and medical devices: An essential step — but no security cureall

Bad Actors are Going to School on Sandboxes: Here's What to Do About It!

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports