Blog | ReversingLabs (36)

February 16, 2023

The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess

This week: Russian-linked PIPEDREAM malware targeted critical infrastructure. Also: 400 malicious packages found on PyPI demonstrates attacker prowess.

February 15, 2023

Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy

Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development.

February 15, 2023

Less talk, more action: High hopes for CISA's new C-SCRM office

CISA's C-SCRM turns a page on a busy year for federal software supply chain security directives and guidance. Will it move the needle?

February 14, 2023

Software composition analysis and the evolution of application security

Here are key takeaways from The Software Composition Analysis Landscape, Q1 2023 report — and how app sec is evolving to adapt to supply chain threats

February 14, 2023

SCA is necessary, but AppSec must evolve to tackle software supply chain security

Software teams are facing growing supply chain complexity and threats. Here's why SCA should evolve beyond open source licensing and vulnerabilities.

February 14, 2023

The SCA tools landscape and what it means to software supply chain security

Forrester's Software Composition Analysis report provides a competitive analysis of SCA tools. Here's how they deliver on software supply chain security.

February 13, 2023

Why knowing the "ground truth" is key to software security

Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.

February 9, 2023

Open-source repository malware sows Havoc

Aabquerys is a malicious npm package discovered typosquatting on a legitimate npm module that downloads malicious components, ReversingLabs discovered.

February 9, 2023

The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

CISA is working to operationalize cyber supply chain risk management. Also: a GuLoader malware campaign is targeting the global e-commerce industry.

February 8, 2023

Leaky app gives researcher 'total, global control' over the Toyota supplier network

A researcher discovered a JsonWebToken flaw in a Toyota app that gave access to corporate user accounts, as well as suppliers — and even Toyota parts.

February 7, 2023

C-SCRM: We’re from the government — and we’re here to help with software supply chain security

A whole alphabet soup of agencies, offices and councils are springing up in D.C. and beyond. They’re trying to help us with the software supply chain security problem. It’s all about cybersecurity supply chain risk management, as the Washington wonks now insist on calling it. Beltway chatter is all C-SCRM this, guidance that and policy the other.

February 2, 2023

The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine

Russia-affiliated Sandworm is using malware strains to attack entities in Ukraine. Also: A massive Yandex code leak reveals the ranking factors of Russia’s search engines.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess

Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy

Less talk, more action: High hopes for CISA's new C-SCRM office

Software composition analysis and the evolution of application security

SCA is necessary, but AppSec must evolve to tackle software supply chain security

The SCA tools landscape and what it means to software supply chain security

Why knowing the "ground truth" is key to software security

Open-source repository malware sows Havoc

The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

Leaky app gives researcher 'total, global control' over the Toyota supplier network

C-SCRM: We’re from the government — and we’re here to help with software supply chain security

The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports