RL Blog
Cascading supply chain attack

AppSec as attacker: Inside Trivy–LiteLLM

The perimeter isn't your firewall — it's your CI/CD pipeline. Here’s what to know about TeamPCP's supply chain attack.

Read More about AppSec as attacker: Inside Trivy–LiteLLM
AppSec as attacker: Inside Trivy–LiteLLM
TeamPCP supply chain attack

The TeamPCP supply chain attack evolves

The malicious campaign started with Trivy and Checkmarx and has shifted to LiteLLM — and now telnix. Here's how.

Read More about The TeamPCP supply chain attack evolves
The TeamPCP supply chain attack evolves
Decouple SIEM data for better AppSec

Decouple SIEM data to reshape your AppSec

Shift to a data security pipeline platform to get software visibility that modern supply chain threats demand.

Read More about Decouple SIEM data to reshape your AppSec
Decouple SIEM data to reshape your AppSec
IDE insider threat

How AI agents can weaponize IDEs

Research shows that AI coding can tap integrated development environments to become privileged insider threats. 

Read More about How AI agents can weaponize IDEs
How AI agents can weaponize IDEs
Malicious npm packages use fake install logs to load RAT

Fake install logs in npm packages load RAT

The final-stage malware in the Ghost campaign is a RAT designed to steal crypto wallets and sensitive data.

Read More about Fake install logs in npm packages load RAT
Fake install logs in npm packages load RAT
Post-quantum security

Crypto group ushers in post-quantum security

Here’s a look at the Ethereum Foundation’s new PQC security effort — and why you need to modernize your SecOps.

Read More about Crypto group ushers in post-quantum security
Crypto group ushers in post-quantum security
AI agents black hole of risks

OpenClaw lesson: AI agents are a black hole

AI agents create novel attack surfaces and control issues that require rethinking assumptions — and AppSec tooling.

Read More about OpenClaw lesson: AI agents are a black hole
OpenClaw lesson: AI agents are a black hole
Polyglot File Examination with Spectra Analyze

How to Examine Polyglot Files with Spectra Analyze

Here's how to assess a sample using Spectra Analyze in your environment — and create a YARA rule.

Read More about How to Examine Polyglot Files with Spectra Analyze
How to Examine Polyglot Files with Spectra Analyze
SBOM: check

Make Your SBOMs Actionable with PURLs

Learn how Package URLs improve vulnerability matching, which reduces alert fatigue and simplifies compliance.

Read More about Make Your SBOMs Actionable with PURLs
Make Your SBOMs Actionable with PURLs
Container security

OWASP adopts DockSec: Why it matters

OWASP has adopted the container security tool to slow information overload. Here’s what you need to know.

Read More about OWASP adopts DockSec: Why it matters
OWASP adopts DockSec: Why it matters
OpenClaw agentic AI risk

OpenClaw and AI risk: 3 AppSec lessons

The OpenClaw saga is a case study on the threat from agentic AI, showing how it increases software risk.

Read More about OpenClaw and AI risk: 3 AppSec lessons
OpenClaw and AI risk: 3 AppSec lessons
Trip Hazard

Claude Code Security: The pros and cons

The new tool is a step forward on AI coding risk — but it trips on modern threats because it looks only at source code.

Read More about Claude Code Security: The pros and cons
Claude Code Security: The pros and cons
Fight fire with fire

AI-native AppSec: What it is — and why it matters

AI coding is a game-changer — and requires AI-powered application security to fight fire with fire.

Read More about AI-native AppSec: What it is — and why it matters
AI-native AppSec: What it is — and why it matters
AI coding and AppSec

BSIMM16 confirms: AI redefines AppSec

AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.

Read More about BSIMM16 confirms: AI redefines AppSec
BSIMM16 confirms: AI redefines AppSec
Inside the NuGet hack toolset

Inside the NuGet hackers' toolset

RL discovered two packages containing scripts that complete a typosquatting toolchain. Here's how it worked.

Read More about Inside the NuGet hackers' toolset
Inside the NuGet hackers' toolset
Previous1...345...57Next

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
2026-06-18_Forrester & RL Upcoming Webinar

Forrester Names RL in Agentic Development Security Market

The new landscape report maps 35 vendors addressing an emerging category of risk: AI agents writing insecure code at machine speed.

Read More about Forrester Names RL in Agentic Development Security Market
Forrester Names RL in Agentic Development Security Market

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

ReversingLabs: The More Powerful, Cost-Effective Alternative to VirusTotalSee Why
Skip to main content
Contact UsSupportBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
Events
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top