ReversingLabs researchers uncovered evidence of more malicious npm packages beyond those already disclosed — and conclude that the attack is still active.
Read More about More malicious npm packages found in wake of JumpCloud supply chain hack
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: North Korean APT targets developers, this Barbie is a cybercriminal
Traditional application security can't defend against today's attacks. Our report explains why — and why you need to upgrade your AppSec strategy.
Read More about Tools gap leaves you exposed to supply chain attacks
It’s an optional trial program (for now). How would your devs cope?
Read More about No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’
In addition to the extensive list of components in today's software, AI relies on open-source AI models and training data. What could possibly go wrong?
Read More about AI and the software supply chain: AppSec just got way more complicated
Inside Project Nemesis: Leveraging YARA to Identify Minodo in Evolving Cybercrime Operations
Read More about From the Labs: YARA Rule for Detecting Minodo
We’ve updated our threat analysis and threat hunting solution with new and improved features in ReversingLabs A1000, Version 8.2.
Read More about The Latest Update to the ReversingLabs A1000 Threat Analysis and Hunting Solution
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Google Cloud Build permissions can be poisoned, WormGPT weaponizes AI
Safe programming languages and packages can dramatically reduce vulnerabilities in your systems and applications. Here's my rundown on the safest bets for secure coding.
Read More about Safe programming languages: A solid first step for application security
The big-fish IAMaaS cloud identity service provider opens its kimono. What can you learn from the exposure?
Read More about JumpCloud 'nation state’ phishing attack spotlights third-party risk management
CISA and NSA issued security guidance on continuous integration/continuous delivery (CI/CD) environments — but missed an opportunity to escalate the conversation.
Read More about Federal security guidance: Been there, done that
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Chinese hackers breach government email, AI models easily poisoned
With CycloneDX 1.5, OWASP is introducing a number of new types of SBOMs. Here's a full run-down on changes — and what they mean for software transparency.
Read More about CycloneDX 1.5: The next big step for SBOMs and software transparency
Meet ReversingLabs Software Supply Chain Security's newest feature: Levels.
Read More about Introducing new capabilities to continuously improve software supply chain security
The privacy of user data is one thing — but security of that data is equally important.
Read More about EU-US data transfers back in hotseat: Security of user data adds to privacy concerns