RL Blog
Social Engineering Attacks Target One Tutorial at a Time

Phishing attacks leverage TikTok, Instagram Reels

RL has discovered two social engineering attack techniques targeting users via short-form videos. Here’s how they work.

Read More about Phishing attacks leverage TikTok, Instagram Reels
Phishing attacks leverage TikTok, Instagram Reels
Thousands of developer projects compromised in npm hack

How 56 npm packages used binding.gyp to steal secrets

The attack is notable for its breadth, flooding npm with malicious package versions.

Read More about How 56 npm packages used binding.gyp to steal secrets
How 56 npm packages used binding.gyp to steal secrets
CVE Lite CLI

Dependency remediation bolstered with CVE Lite CLI

OWASP's new dependency scanner gives developers actionable fixes. But supply chain attacks aren’t yet CVEs.

Read More about Dependency remediation bolstered with CVE Lite CLI
Dependency remediation bolstered with CVE Lite CLI
Out front in race

Get ahead of frontier AI: 5 AppSec strategy upgrades

Frontier AI is collapsing the time from vulnerability discovery to exploit. Here are 5 ways to update your AppSec before it hits.

Read More about Get ahead of frontier AI: 5 AppSec strategy upgrades
Get ahead of frontier AI: 5 AppSec strategy upgrades
Noise to signal

CVE noise drowns out supply chain threats

48,000 CVEs were reported in 2025 — but just 58 were critical. A new report highlights why signal-to-noise ratio matters for AppSec.

Read More about CVE noise drowns out supply chain threats
CVE noise drowns out supply chain threats
three men sitting in front of monitors

31 Red Hat npm packages backdoored in 72 seconds

RL has discovered a new supply chain attack affecting 9.8M total downloads across Red Hat's Hybrid Cloud Console JavaScript ecosystem.

Read More about 31 Red Hat npm packages backdoored in 72 seconds
31 Red Hat npm packages backdoored in 72 seconds
2026-06-18_Forrester & RL Upcoming Webinar

Forrester Names RL in Agentic Development Security Market

The new landscape report maps 35 vendors addressing an emerging category of risk: AI agents writing insecure code at machine speed.

Read More about Forrester Names RL in Agentic Development Security Market
Forrester Names RL in Agentic Development Security Market
Shift lanes

5 lessons from vulnerability management's front lines

VM success is determined by findings reaching developers with context — which is getting more challenging. Here's why to shift gears.

Read More about 5 lessons from vulnerability management's front lines
5 lessons from vulnerability management's front lines
Ransomware

Dependency attack takes down ed-tech platform at scale

The Canvas LMS supply chain compromise — which hit during finals week — shows the impact of cascading attacks.

Read More about Dependency attack takes down ed-tech platform at scale
Dependency attack takes down ed-tech platform at scale
Hunting Megalodon Fossils

Researcher's Notebook: Hunting Megalodon Fossils

Analyzing C2 responses from compromised GitHub Actions linked a current threat to an earlier one, showing the value of retrohunting.

Read More about Researcher's Notebook: Hunting Megalodon Fossils
Researcher's Notebook: Hunting Megalodon Fossils
Developer in action

GitHub breach: The development ecosystem is in the hot seat

This TeamPCP attack is a serious wakeup call about software supply chain security — and the problems with implicit trust.

Read More about GitHub breach: The development ecosystem is in the hot seat
GitHub breach: The development ecosystem is in the hot seat
Robot Army

AI agents are the new insider threat

AI security leader and author Steve Wilson explains why you need to rethink security — and treat AI agents as digital workers.

Read More about AI agents are the new insider threat
AI agents are the new insider threat
Hackers Abuse Parental Controls To Hijack Google Accounts

Hackers Abuse Parental Controls to Hijack Google Accounts

Learn how attackers are re-casting adults as minors to bypass recovery and lock users out.

Read More about Hackers Abuse Parental Controls to Hijack Google Accounts
Hackers Abuse Parental Controls to Hijack Google Accounts
Spectra Analyze Update

Spectra Analyze, Spectra Core Update: Deeper Detection, Smarter Analysis

RL threat detection and binary analysis can now close the gap for threat hunters.

Read More about Spectra Analyze, Spectra Core Update: Deeper Detection, Smarter Analysis
Spectra Analyze, Spectra Core Update: Deeper Detection, Smarter Analysis
Open Sign

Shai-Hulud code drop: It’s open season for attacks

The npm malware's public release provides a ready-made blueprint for threat actors. Take action on supply chain security.

Read More about Shai-Hulud code drop: It’s open season for attacks
Shai-Hulud code drop: It’s open season for attacks
Previous123...58Next

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Mario Vuksan

Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 

SSCS is a footnote that grew up, moved out, and got its own report. 

Read More about Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 
Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top
The inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security is outGET THE REPORT
Skip to main content
Contact UsSupportBlogCommunity
reversinglabs
ReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
EventsBlack Hat 2026
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu