RL Blog
typewriter spelling out action items

OWASP's LLM AI Security & Governance Checklist: 13 action items for your team

The new checklist is organized into 13 areas of analysis. Here's what your security team needs to know about the most important points from each area.

Read More about OWASP's LLM AI Security & Governance Checklist: 13 action items for your team
OWASP's LLM AI Security & Governance Checklist: 13 action items for your team
XZ Trojan highlights software supply chain risk posed by 'sock puppets'

XZ Trojan highlights software supply chain risk posed by 'sock puppets'

There is no foolproof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three.

Read More about XZ Trojan highlights software supply chain risk posed by 'sock puppets'
XZ Trojan highlights software supply chain risk posed by 'sock puppets'
The state of secrets security: 7 action items for better managing risk

The state of secrets security: 7 action items for better managing risk

The Circle CI breach put secrets security front of mind. Now AI and low-code are introducing more risk. Here are key takeaways for managing secrets risk.

Read More about The state of secrets security: 7 action items for better managing risk
The state of secrets security: 7 action items for better managing risk
wooden letter blocks spelling perfect storm

When GenAI and low-code collide: What could go wrong for AppSec?

Here's why the duo results in a perfect storm, key considerations — and expert advice on how engineering and application security teams can tackle the problem.

Read More about When GenAI and low-code collide: What could go wrong for AppSec?
When GenAI and low-code collide: What could go wrong for AppSec?
pixelated initials RHA

ReversingLabs Hashing Algorithm

Here's what you need to know about RL's predictive malware detection.

Read More about ReversingLabs Hashing Algorithm
ReversingLabs Hashing Algorithm
red pixelated blocks flying out of computer monitor screen

Malicious helpers: VS Code Extensions observed stealing sensitive information

Two newly discovered extensions on the VS Code Marketplace are designed to steal sensitive information, showing that open source attacks are expanding.

Read More about Malicious helpers: VS Code Extensions observed stealing sensitive information
Malicious helpers: VS Code Extensions observed stealing sensitive information
locks on metal bars protecting door

To better manage risk, make your software bills of materials actionable

Software complexity is growing — making SBOMs a necessity. But they need to be actionable to manage risk. Here's how to put them to work.

Read More about To better manage risk, make your software bills of materials actionable
To better manage risk, make your software bills of materials actionable
wooden trojan horse replica

A software supply chain meltdown: What we know about the XZ Trojan

Software tampering and social engineering were used in a months-long campaign to plant malicious code in major Linux distributions. Here's what we know.

Read More about A software supply chain meltdown: What we know about the XZ Trojan
A software supply chain meltdown: What we know about the XZ Trojan
number 30 painted inside a circle on concrete

30 SSCS statistics that matter for software security teams

Understand the state of software supply chain security with key takeaways from recent research and surveys of application security and development pros.

Read More about 30 SSCS statistics that matter for software security teams
30 SSCS statistics that matter for software security teams
ominous hooded figure sitting at computer screen

Suspicious NuGet package grabs data from industrial systems

Here's what the RL research team knows about the suspicious SqzrFramework480 campaign, which is still available on the NuGet repository.

Read More about Suspicious NuGet package grabs data from industrial systems
Suspicious NuGet package grabs data from industrial systems
three locks in front of binary code streaming down over open laptop

Memory-safe languages and security by design: Key insights, lessons learned

Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.

Read More about Memory-safe languages and security by design: Key insights, lessons learned
Memory-safe languages and security by design: Key insights, lessons learned
two feet standing on bathroom scale

7 ways to put your code on a diet — and improve AppSec in the process

Code bloat is at the root of many security problems. Here's how development teams can bolster application security with more efficient code.

Read More about 7 ways to put your code on a diet — and improve AppSec in the process
7 ways to put your code on a diet — and improve AppSec in the process
pen in hand annotating book

How CISA’s secure software development attestation form falls short

Here’s what we know about the federal government's new software security form — and what needs to change. For one, SBOMs should be required.

Read More about How CISA’s secure software development attestation form falls short
How CISA’s secure software development attestation form falls short
sports fan holding up number one foam finger

Gartner outlines top cybersecurity trends — and (spoiler alert) AI is No. 1

Here are the top security trends of the year — and what your team needs to know about them. AI, for one, has its pros and cons for your security posture.

Read More about Gartner outlines top cybersecurity trends — and (spoiler alert) AI is No. 1
Gartner outlines top cybersecurity trends — and (spoiler alert) AI is No. 1
pixelated padlock embedded into computer switchboard

BIPClip: Malicious PyPI packages target crypto wallet recovery passwords

RL has discovered a campaign using PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases, which are used for wallet recovery.

Read More about BIPClip: Malicious PyPI packages target crypto wallet recovery passwords
BIPClip: Malicious PyPI packages target crypto wallet recovery passwords
Previous1...242526...58Next

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Why RL Built Spectra Assure Community

Why RL Built Spectra Assure Community

We set out to help dev and AppSec teams secure the village: OSS dependencies, malware, more. Learn how.

Read More about Why RL Built Spectra Assure Community
Why RL Built Spectra Assure Community

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

The inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security is outGET THE REPORT
Skip to main content
Contact UsSupportBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
EventsBlack Hat 2026
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top