Malicious npm package targets AWS users
The history of the package is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.
Malicious npm package targets AWS users
The Power of Complex Binary Analysis
RL Spectra Assure’s AI-driven complex binary analysis delivers critical visibility into software binaries to flag malware and advanced software threats, closing the software supply chain security gap.
How platform engineering helps you get a good start on Secure by Design
Self-service portals for developers can help organizations overcome challenges to getting up and running with CISA's software security initiative.
How to secure mergers & acquisitions from software supply chain attacks
When engaging in M&A, acquiring firms often inherit a software stack that presents security concerns. Here’s how you can effectively manage these risks.
Top cybersecurity Substacks to follow
Get up to speed on the state of security operations and related cybersecurity practices by subscribing to these 10 expert-curated Substacks.
Why malware matters most: 6 ways to foil software threats faster
Making malware enemy No. 1 should be a top priority for AppSec teams. Here's why you need to shift your team's focus from vulnerabilities.
Verizon DBIR 2024: The rise in software supply chain attacks explained
Verizon's Data Breach Investigations Report marked a dramatic shift in threats. Learn about it from Verizon — and how to get ahead of risk — in this Webinar.
How to assess and manage commercial software risk
Major attacks show that commercial software is the principal attack surface. Here’s why – and how your team can mitigate its risks.
Listen up: 10 cybersecurity podcasts you can learn from
Get up to speed on all things cybersecurity by subscribing to these knowledge-dropping podcasts. You're welcome.
Python downloader highlights noise problem in open source threat detection
RL discovered what appeared to be a malicious downloader on PyPI. It turned out to be red teaming — but highlights a growing problem for threat detection.
9 best practices for leveraging threat intelligence in your security operations
Cyberthreat intelligence can bolster your SecOps with actionable info — if you choose wisely. Here's how to get started with CTI and what you need to know.
NSA's zero-trust maturity for AppSec: What you need to know
The new initiative aims to help teams secure application access — and ensure continuous visibility of the workload. Experts weigh in with key insights.
Security operations by the numbers: 30 cybersecurity stats that matter
Get up to speed on the state of SecOps with key takeaways from recent research and surveys of cybersecurity practitioners and leaders.
The state of AppSec: Are we getting ahead of attackers — or falling behind?
Is application security keeping up with modern supply chain attacks? One SME urges "glass half full"-optimism. The reality: AppSec tooling needs an upgrade.
Making SBOMs actionable: Why sharing is essential
Factors are converging to make sharing of software bills of materials a reality. Here are key concerns — and why data sharing is essential to their effectiveness.