
ReversingLabs Blog

August 31, 2023

VMConnect supply chain attack continues, evidence points to North Korea

ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, and evidence linking the campaign to North Korean threat actors.

August 30, 2023

10 Hacker Summer Camp speakers to follow year-round

Why does expert cybersecurity knowledge sharing have to stop in Las Vegas? Follow these top speakers year-round.

August 24, 2023

The Week in Security: WinRAR exploit targets traders, malicious npm packages go after game devs

Hackers are exploiting a zero-day to target crypto and stock traders, RL discovers over a dozen malicious npm packages targeting Roblox game developers.

August 23, 2023

Supply chain security: Is technical debt weighing your team down?

Vulnerability management and piecemeal app sec testing are like paying the interest only on mounting security technical debt. Where do you stand?

August 22, 2023

Fake Roblox packages target npm with Luna Grabber info-stealing malware

ReversingLabs identified more than a dozen malicious packages targeting Roblox users on the npm public repository, recalling an attack from 2021.

August 21, 2023

Risk modeling initiative aims to expose the 'hiddenness of knowledge' in the supply chain

GUAC-ALYTICs will model risk across open source software supply chain interdependencies using a new algorithmic engine. Here's what you need to know.

August 17, 2023

The Week in Security: Researchers hack 'unbreakable' card-shuffling hardware, Discord.io shut after breach

This week: Ocean's 1337, anyone? After a popular card shuffling machine was declared secure and unbreakable, security researchers from IOActive decided to take a closer look. What they found may (not) surprise you! Also: a vulnerability could be behind a breach that spilled info on more than 700,000 Discord users.

August 16, 2023

CISA's Secure by Design: Too much, too soon?

Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise.

August 15, 2023

6 things you may have missed at Hacker Summer Camp

Black Hat, DEF CON, and BSides (Hacker Summer Camp) are known for being information overload for cybersecurity leaders and practitioners. Here are the sessions that stand out.

August 15, 2023

AI coding helpers get FAILing grade

Purdue researchers expose generative AI tools like Copilot's frequent errors when asked basic development questions. Only fools rush in.

August 14, 2023

OWASP researcher: Supply chain attacks show organizations must shift beyond vulnerabilities

Researcher Jeremy Long says organizations need to shift from traditional app sec testing to tools that can remediate malicious threats.

August 14, 2023

ReversingLabs’ path to success: Staying true to customers and the product was key

ReversingLabs' 15-year journey started with two researchers coming together with a single mission: to better secure software. Co-founder and CEO Mario Vuksan shares lessons learned.


Apple Devices as a Growing Attack Vector
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: EPSS 3.0 + CVSS: Why Prioritizing Software Risk is Key
Glassboard conversations with ReversingLabs Field CISO Matt Rose