
BIPClip: Malicious PyPI packages target crypto wallet recovery passwords
RL has discovered a campaign using PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases, which are used for wallet recovery.

The FDA now requires medical device manufacturers to produce a software bill of materials to ensure supply chain security. Here’s what you need to know.

There are many reasons to consider a career in AppSec, but one stands out: Software supply chain attacks are creating job security and opportunity.

Why Relying on Sandboxes Alone Leaves You Exposed — And How Next-Gen Binary Analysis Closes the Gaps

NIST's Cybersecurity Framework 2.0 has been released, complete with a new focus on software supply chain security. Here are the key takeaways for your team.

The National Institute of Standards and Technology has beefed up its guidelines for securing CI/CD environments. Are you ready to bulk up your program?

How to apply YARA rules for threat detection, searching, hunting and more.

Know the key challenges with software bills of materials, how tooling affects their usefulness — and how to make them actionable for better supply chain security.

When using AI tools including GitHub Copilot, your security team must be aware of — and protect against — certain risks. Here are the top considerations.

Here's what development and application security teams need to know about using attack trees in combination with threat modeling to lock down their software.

The U.S., U.K., Canada and eight partner countries have disrupted the LockBit ransomware group. Here are the key takeaways, along with expert insights. Carolynn van Arsdale

Learn why cybersecurity hero culture is a problem — and how companies can avoid its negative effects and develop more resilient security operations.

RL discovered two malicious packages and a subsequent larger campaign, showing that the approach is an emerging software supply chain attack method.

"The Growing Complexity of Securing the Software Supply Chain" report highlights key challenges for application security teams. Here's what you need to know.

2023 was a big year for software security. Here are the key lessons from last year's major attacks to learn from.