Federal security guidance: Been there, done that
CISA and NSA issued security guidance on continuous integration/continuous delivery (CI/CD) environments — but missed an opportunity to escalate the conversation.
Federal security guidance: Been there, done that
The Week in Security: Chinese hackers breach government email, AI models easily poisoned
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
CycloneDX 1.5: The next big step for SBOMs and software transparency
With CycloneDX 1.5, OWASP is introducing a number of new types of SBOMs. Here's a full run-down on changes — and what they mean for software transparency.
Introducing new capabilities to continuously improve software supply chain security
Meet ReversingLabs Software Supply Chain Security's newest feature: Levels.
EU-US data transfers back in hotseat: Security of user data adds to privacy concerns
The privacy of user data is one thing — but security of that data is equally important.
Third-party risk management survey: Prioritize end-to-end software supply chain security — or fail
Here's what you need to know about third-party risk management — and why to prioritize comprehensive supply chain security.
New Features for ReversingLabs TitaniumScale, Version 3.4
Automations, integrations, and usability improved
From the Labs: YARA Rule for Detecting StealC
Tracking StealC's Rise: How YARA Rules Help Uncover a New Breed of Information Stealers
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
.webp&w=3840&q=75)
The Week in Security: Third-party breach exposes customer to LockBit, countries team to block DDoS
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Give your Microsoft Sentinel incidents some style
Here's how to use basic HTML to dress up your security incidents
Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites
C’mon, dev teams — it's about time to get serious about memory safety, XSS and SQLi.
The Week in Security: Third-party compromise lands pilot data from American, Southwest airlines
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Hackers breached UPS data for SMS phish spree
It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.
5 reasons why cyber attackers love software developers
Hackers are having a field day targeting developers with supply chain attacks, which open doors to other compromises. Here's why — and what to do about it.