RL Blog
The state of OSS security: Changes in attack methods, policy

The state of OSS security: Changes in attack methods, policy

What’s to come for the security of open source software? ConversingLabs caught up with Mikaël Barbero of the Eclipse Foundation to answer that question. Watch (or listen) and learn.

Read More about The state of OSS security: Changes in attack methods, policy
The state of OSS security: Changes in attack methods, policy
red cubes with letter s on them amid block cubes

Typosquatting campaign delivers r77 rootkit via npm

ReversingLabs discovered that one “s” was all that separated a legit npm package from a malicious twin that delivered the r77 rootkit — and was downloaded more than 700 times.

Read More about Typosquatting campaign delivers r77 rootkit via npm
Typosquatting campaign delivers r77 rootkit via npm
new features for reversinglabs a1000 version 8.3

ReversingLabs A1000 Threat Analysis and Hunting Solution Update Drives SecOps Forward

Version 8.3 of RL's A1000 Malware Analysis Platform delivers better visuals, search, and an improved cloud sandbox. Here are all of the updates.

Read More about ReversingLabs A1000 Threat Analysis and Hunting Solution Update Drives SecOps Forward
ReversingLabs A1000 Threat Analysis and Hunting Solution Update Drives SecOps Forward
pipeline

NIST supply chain security guidance for CI/CD environments: What you need to know

NIST's new guidelines are welcome, but some organizations may find it challenging to put them into practice.

Read More about NIST supply chain security guidance for CI/CD environments: What you need to know
NIST supply chain security guidance for CI/CD environments: What you need to know
pipeline with red shutoff wheel valve

NIST supply chain security guidance for CI/CD environments: What you need to know

NIST's new guidelines are welcome, but some organizations may find it challenging to put them into practice.

Read More about NIST supply chain security guidance for CI/CD environments: What you need to know
NIST supply chain security guidance for CI/CD environments: What you need to know
BlackCat (ALPHV): What we know about the MGM hack

BlackCat (ALPHV): What we know about the MGM hack

Ransomware-as-a-service gang ALPHV (a.k.a. BlackCat) carried out a sophisticated attack on the hotel and casino company MGM. Here’s what the ReversingLabs threat team understands.

Read More about BlackCat (ALPHV): What we know about the MGM hack
BlackCat (ALPHV): What we know about the MGM hack
conversinglabs podcast title card apple devices as a growing attack vector

With growing threats to Apple devices, Kandji ramps up

Kandji Director of Threat Intelligence Devin Byrd talks about the growing enterprise threats to macOS and iOS endpoints.

Read More about With growing threats to Apple devices, Kandji ramps up
With growing threats to Apple devices, Kandji ramps up
pressure gauge needle movement increasing

EPSS vs. CVSS: Exploit prediction could move the needle on software risk

Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future? Here's what you need to know.

Read More about EPSS vs. CVSS: Exploit prediction could move the needle on software risk
EPSS vs. CVSS: Exploit prediction could move the needle on software risk
podcast title card the art of security chaos engineering with kelly shortride

The art of security chaos engineering

What if dev and app sec teams showed the same ingenuity, nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why that's essential to resilience.

Read More about The art of security chaos engineering
The art of security chaos engineering
IoT and the supply chain: The road to securing devices

IoT and the supply chain: The road to securing devices

In this episode of ConversingLabs, recorded on the sidelines of Black Hat in Las Vegas, NetRise CEO Thomas Pace talks about supply chain threats to the Internet of Things (IoT).

Read More about IoT and the supply chain: The road to securing devices
IoT and the supply chain: The road to securing devices
red chevrons pointing left

SANS DevSecOps report: 5 key takeaways

"Shift left" is giving way to up-front software risk assessments, and companies are increasingly tapping external support for third-party compliance. Learn more from application security peers.

Read More about SANS DevSecOps report: 5 key takeaways
SANS DevSecOps report: 5 key takeaways
20 App Sec Social Profiles

20 application security pros you should follow

These leading app sec experts provide a steady flow of security knowledge to keep you up to speed.

Read More about 20 application security pros you should follow
20 application security pros you should follow
Lemons and liability: How security warranties could tame the software market

Lemons and liability: How security warranties could tame the software market

In this ConversingLabs, Daniel Woods shares insights from his research on software warranties and discusses how shifting liability to producers could define the market.

Read More about Lemons and liability: How security warranties could tame the software market
Lemons and liability: How security warranties could tame the software market
Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks

Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks

RL threat researchers have discovered multiple malicious campaigns on open source repositories. Join the webinar to discuss key takeaways for app sec teams.

Read More about Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks
Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks
VMConnect supply chain attack continues, evidence points to North Korea

VMConnect supply chain attack continues, evidence points to North Korea

ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, as well as evidence linking the campaign to North Korea's Lazarus Group.

Read More about VMConnect supply chain attack continues, evidence points to North Korea
VMConnect supply chain attack continues, evidence points to North Korea
Previous1...293031...58Next

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Why RL Built Spectra Assure Community

Why RL Built Spectra Assure Community

We set out to help dev and AppSec teams secure the village: OSS dependencies, malware, more. Learn how.

Read More about Why RL Built Spectra Assure Community
Why RL Built Spectra Assure Community

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top
The inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security is outGET THE REPORT
Skip to main content
Contact UsSupportBlogCommunity
reversinglabs
ReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
EventsBlack Hat 2026
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu