VMConnect: Malicious PyPI packages imitate popular open source modules
ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.
VMConnect: Malicious PyPI packages imitate popular open source modules
FraudGPT / WormGPT: Scammy for now — but a worrying signpost for software security
Your app sec team should factor in more capable malicious AI tools, coming soon.
Rust progress: New threat modeling, tools bolster programming language
Here's why the Rust Foundation Security Initiative's audit and resulting new tooling matter for secure coding — and software supply chain security.
How to use the ReversingLabs file enrichment API offer for Microsoft Sentinel
Here's how to enrich your (SecOps) life with TitaniumCloud APIs focused specifically on file enrichment available in the Azure Marketplace for Microsoft Sentinel.
WormGPT: Business email compromise amplified by ChatGPT hack
Selling for $1,000 on the dark web, the email fraud tool leverages generative AI to improve cybercriminals' effectiveness.
More malicious npm packages found in wake of JumpCloud supply chain hack
ReversingLabs researchers uncovered evidence of more malicious npm packages beyond those already disclosed — and conclude that the attack is still active.
The Week in Security: North Korean APT targets developers, this Barbie is a cybercriminal
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Tools gap leaves you exposed to supply chain attacks
Traditional application security can't defend against today's attacks. Our report explains why — and why you need to upgrade your AppSec strategy.
No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’
It’s an optional trial program (for now). How would your devs cope?
AI and the software supply chain: AppSec just got way more complicated
In addition to the extensive list of components in today's software, AI relies on open-source AI models and training data. What could possibly go wrong?
From the Labs: YARA Rule for Detecting Minodo
Inside Project Nemesis: Leveraging YARA to Identify Minodo in Evolving Cybercrime Operations
The Latest Update to the ReversingLabs A1000 Threat Analysis and Hunting Solution
We’ve updated our threat analysis and threat hunting solution with new and improved features in ReversingLabs A1000, Version 8.2.
The Week in Security: Google Cloud Build permissions can be poisoned, WormGPT weaponizes AI
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Safe programming languages: A solid first step for application security
Safe programming languages and packages can dramatically reduce vulnerabilities in your systems and applications. Here's my rundown on the safest bets for secure coding.
JumpCloud 'nation state’ phishing attack spotlights third-party risk management
The big-fish IAMaaS cloud identity service provider opens its kimono. What can you learn from the exposure?