Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks
RL threat researchers have discovered multiple malicious campaigns on open source repositories. Join the webinar to discuss key takeaways for app sec teams.
Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks
VMConnect supply chain attack continues, evidence points to North Korea
ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, as well as evidence linking the campaign to North Korea's Lazarus Group.
10 Hacker Summer Camp speakers to follow year-round
Knowledge sharing with cybersecurity experts doesn't have to stop after Hacker Summer Camp wraps up. Follow these top speakers throughout the year.
The Week in Security: WinRAR exploit targets traders, malicious npm packages go after game devs
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Supply chain security: Is technical debt weighing your team down?
Doing just vulnerability management and piecemeal app sec testing are equivalent to paying only the interest on mounting security technical debt. Where does your organization stand?
Fake Roblox packages target npm with Luna Grabber info-stealing malware
ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack.
Risk modeling model exposes supply chain's 'hiddenness of knowledge'
GUAC-ALYTICs will use a new algorithmic engine to model risk across open-source software supply chain interdependencies. Here's what you need to know.
The Week in Security: Researchers hack 'unbreakable' card-shuffling hardware, Discord.io shut after breach
A Week of Breaches: The Intersection of Physical and Digital Security Failures
CISA's Secure by Design: Too much, too soon?
Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise. Experts explain what it will take.
AI coding helpers get FAILing grade
Purdue researchers expose generative AI tools like Copilot's frequent errors when asked basic development questions.
6 things you may have missed at Hacker Summer Camp
The summertime trio of events in Las Vegas — Black Hat, DEF CON, and BSides — is information overload for cybersecurity leaders and practitioners. Here are the sessions that stood out.
ReversingLabs’ path to success: Staying true to customers and the product was key
ReversingLabs' 15-year journey started with two researchers coming together with a single mission: To secure all software. Co-founder and CEO Mario Vuksan shares lessons learned.
OWASP researcher: Supply chain attacks require going beyond vulnerabilities
Jeremy Long, who founded OWASP's Dependency Check Program, urges organizations to shift from traditional AppSec testing to tools that can remediate malicious threats.
The Week in Security: Cloudflare Tunnels abuse ramps up, U.K. voter data exposed
Stealthy Connections: The Rising Threat of Cloudflare Tunnel Abuse in Cyber Attacks
Listen up, devs: AI trained to overhear passwords
Deep learning model knows what keys you press — “with 95% accuracy.” The password's days are numbered.