ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, as well as evidence linking the campaign to North Korea's Lazarus Group.
Knowledge sharing with cybersecurity experts doesn't have to stop after Hacker Summer Camp wraps up. Follow these top speakers throughout the year.
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Doing just vulnerability management and piecemeal app sec testing are equivalent to paying only the interest on mounting security technical debt. Where does your organization stand?
ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack.
GUAC-ALYTICs will use a new algorithmic engine to model risk across open-source software supply chain interdependencies. Here's what you need to know.
A Week of Breaches: The Intersection of Physical and Digital Security Failures
Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise. Experts explain what it will take.
Purdue researchers expose generative AI tools like Copilot's frequent errors when asked basic development questions.
The summertime trio of events in Las Vegas — Black Hat, DEF CON, and BSides — is information overload for cybersecurity leaders and practitioners. Here are the sessions that stood out.
ReversingLabs' 15-year journey started with two researchers coming together with a single mission: To secure all software. Co-founder and CEO Mario Vuksan shares lessons learned.
Jeremy Long, who founded OWASP's Dependency Check Program, urges organizations to shift from traditional AppSec testing to tools that can remediate malicious threats.
Stealthy Connections: The Rising Threat of Cloudflare Tunnel Abuse in Cyber Attacks
Deep learning model knows what keys you press — “with 95% accuracy.” The password's days are numbered.
To manage risk, you need to trust the software you produce or consume — and that requires verification, provided by modern tools and a holistic approach.