The Latest Update to the ReversingLabs Threat Analysis and Hunting Solution

We've updated our threat analysis and hunting solution, which provides automated reverse engineering and malware hunting

Gartner: Knowing your software's ingredients is critical to managing risk

With third-party sources — and supply chain attacks surging — Gartner expects adoption of SBOMs to go from less than 5% now to 60% in 2025

The Week in Security: Bill tasks CISA Director with responsibility for open source software security

Welcome to the latest edition of The Week in Security, which brings you the most important headlines from the world and our team across the full stack of security: application security, cybersecurity, and beyond.

DevOps teams: BGP security is BAD. But you can fix it

The security of the Border Gateway Protocol (BGP) is laughable. But we all rely on it every day. For everything.

Gaps in the NVD increase U.S. cyber threat

Discrepancies in reports to the national vulnerability databases (NVD) show the U.S. lags behind China, exposing U.S. firms to cyber attacks.

From the Labs: YARA Rule for Detecting Nokoyawa

ReversingLabs’ YARA detection rule for Nokoyawa can help you find this ransomware in your environment.

The pandemic turned out to be a boon for public-private cybersecurity cooperation

The shift to remote work punched holes in government networks. But it also fostered a transformation in public-private cooperation, one NSA official noted at LABScon.

Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

ReversingLabs has discovered a malicious npm package disguised as the software tool Material Tailwind. Here's an in-depth look at our discovery — and threat analysis.

Rust finds its mojo: Move forward to memory-safe code

t’s confirmed: The Linux kernel will have Rust support soon.

The Week in Security: Is Lapsus$ back in action?

The famous hacking group Lapsus$ appears to be back in action. Also: Russian cyber spies are targeting Ukraine by posing as internet providers.

White House now requires software adhere to NIST standards

Selling software to the government? You must now attest to conformity with NIST standards. And SBOMs, while not required, are preferred.

Iran-backed APT actors utilize CVEs to carry out cyber attacks on critical infrastructure

The Week in Cybersecurity: U.S. mandates federal agencies use secure third-party software tools

A new U.S. federal government memo mandates the federal use of secure third-party software products and services. Also, Twitter whistleblower Mudge Zatko reveals new details of the company’s security practices (or lack thereof) with Congress.

Why Twitter security sucks: Half of staff has PII access

Peiter “Mudge” Zatko (pictured) was grilled by U.S. senators this week. Twitter’s former head of security has some damning things to say about the service’s DevOps security — or lack of it.

OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain

Here's what you need to know about the new OpenSSF npm security best practices.