Blog | ReversingLabs (2)

April 2, 2025

CVEs lose relevance: Get proactive — and think beyond vulnerabilities

More cracks in the NVD emerge, making the CVE system less useful. Shift your approach to keep up with software risk.

April 1, 2025

OpenSSF guidelines encourage OSS developers to build securely

The Open Source Secure Baseline provides a framework for securing OSS development — but it could breed complacency. Here's what you need to know.

March 27, 2025

AI coding tools weaponized: What your AppSec team needs to know

The "Rules File Backdoor" attack method is pernicious — and one that can be easily exploited with the rise of "vibe coding" and agentic AI.

March 26, 2025

Malware found on npm infecting local package with reverse shell

For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.

March 25, 2025

Crypto malware attacks: 23 supply chain incidents set off alarms

Target on back-alert: Open source was increasingly exploited in attacks on cryptocurrency infrastructure and apps in 2024.

March 20, 2025

CISO survey: 6 lessons to boost third-party cyber-risk management

Risk is rising across the software supply chain while visibility remains low, making TPCRM challenging. Here's what you need to know.

March 19, 2025

Less malware, more risk: The changing face of open-source security

Instances of malware on open-source software repositories dropped in 2024 — but OSS risk is on the rise. Here’s what you need to know.

March 18, 2025

EPSS is not foolproof: Shift your AppSec beyond vulnerabilities

The Exploit Prediction Scoring System is useful, but limited. Here's why your application security strategy needs an upgrade.

March 13, 2025

OWASP supply chain security cheat sheet: 5 key action items

The complexity of today's software development makes supply chain security essential. This new cheat sheet is a great place to start.

March 13, 2025

How to Assess VMs Prior to Deployment with Spectra Assure

Leveraging binary analysis, Spectra Assure uses a pre-deployment, static approach for VM security, which is faster and more thorough. Here's how it works.

March 12, 2025

Hidden threats lurk in commercial software: How to manage risk

While open-source software risks are not going away, attack trends show third-party software presents the greatest risk to the enterprise.

March 11, 2025

Generative AI software development boosts productivity — and risk

The promise of higher development output is prompting rapid adoption of AI coding tools, but AppSec teams are in the hot seat with rising risk. Buckle up!

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

CVEs lose relevance: Get proactive — and think beyond vulnerabilities

OpenSSF guidelines encourage OSS developers to build securely

AI coding tools weaponized: What your AppSec team needs to know

Malware found on npm infecting local package with reverse shell

Crypto malware attacks: 23 supply chain incidents set off alarms

CISO survey: 6 lessons to boost third-party cyber-risk management

Less malware, more risk: The changing face of open-source security

EPSS is not foolproof: Shift your AppSec beyond vulnerabilities

OWASP supply chain security cheat sheet: 5 key action items

How to Assess VMs Prior to Deployment with Spectra Assure

Hidden threats lurk in commercial software: How to manage risk

Generative AI software development boosts productivity — and risk

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports