RL Blog
Polyglot File Examination with Spectra Analyze

How to Examine Polyglot Files with Spectra Analyze

Here's how to assess a sample using Spectra Analyze in your environment — and create a YARA rule.

Read More about How to Examine Polyglot Files with Spectra Analyze
How to Examine Polyglot Files with Spectra Analyze
SBOM: check

Make Your SBOMs Actionable with PURLs

Learn how Package URLs improve vulnerability matching, which reduces alert fatigue and simplifies compliance.

Read More about Make Your SBOMs Actionable with PURLs
Make Your SBOMs Actionable with PURLs
Container security

OWASP adopts DockSec: Why it matters

OWASP has adopted the container security tool to slow information overload. Here’s what you need to know.

Read More about OWASP adopts DockSec: Why it matters
OWASP adopts DockSec: Why it matters
OpenClaw agentic AI risk

OpenClaw and AI risk: 3 AppSec lessons

The OpenClaw saga is a case study on the threat from agentic AI, showing how it increases software risk.

Read More about OpenClaw and AI risk: 3 AppSec lessons
OpenClaw and AI risk: 3 AppSec lessons
Trip Hazard

Claude Code Security: The pros and cons

The new tool is a step forward on AI coding risk — but it trips on modern threats because it looks only at source code.

Read More about Claude Code Security: The pros and cons
Claude Code Security: The pros and cons
Fight fire with fire

AI-native AppSec: What it is — and why it matters

AI coding is a game-changer — and requires AI-powered application security to fight fire with fire.

Read More about AI-native AppSec: What it is — and why it matters
AI-native AppSec: What it is — and why it matters
AI coding and AppSec

BSIMM16 confirms: AI redefines AppSec

AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.

Read More about BSIMM16 confirms: AI redefines AppSec
BSIMM16 confirms: AI redefines AppSec
Inside the NuGet hack toolset

Inside the NuGet hackers' toolset

RL discovered two packages containing scripts that complete a typosquatting toolchain. Here's how it worked.

Read More about Inside the NuGet hackers' toolset
Inside the NuGet hackers' toolset
Malicious NuGet package targets Stripe

Malicious NuGet package targets Stripe

Threat actors targeted developers with a bogus package — a shift away from the recent crypto development hack focus.

Read More about Malicious NuGet package targets Stripe
Malicious NuGet package targets Stripe
AI upends SSCS

How AI agents upend supply chain security

Here’s what you need to know about their impact on software security — and what you can do to fight back. 

Read More about How AI agents upend supply chain security
How AI agents upend supply chain security
Cybercrime-as-a-service

Cybercrime-as-a-service forces a security rethink

With AI-powered tools readily available, sophisticated attacks no longer require sophisticated attackers.

Read More about Cybercrime-as-a-service forces a security rethink
Cybercrime-as-a-service forces a security rethink
Spectra Analyze: YARA Retrohunting

How to Use YARA Retrohunting for Defense

Learn how to use RL’s analysis of "pkr_mtsi" to advance your detection engineering in Spectra Analyze.

Read More about How to Use YARA Retrohunting for Defense
How to Use YARA Retrohunting for Defense
Commercial software risk

Commercial software risk: New controls required

Legacy strategies and tooling can’t manage today’s software threats. Here’s why binary analysis is necessary.

Read More about Commercial software risk: New controls required
Commercial software risk: New controls required
Inside the ‘graphalgo’ fake crypto developer recruitment campaign

Inside the fake crypto developer recruitment hack

Here’s a more-in-depth technical analysis of the packages involved in the "graphalgo" campaign.

Read More about Inside the fake crypto developer recruitment hack
Inside the fake crypto developer recruitment hack
Fake recruiter campaign targets crypto developers with RAT

Fake recruiter campaign targets crypto devs

A new branch of a fake job recruitment campaign, dubbed "graphalgo," is targeting developers with a RAT.

Read More about Fake recruiter campaign targets crypto devs
Fake recruiter campaign targets crypto devs
Previous1...456...58Next

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Mario Vuksan

Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 

SSCS is a footnote that grew up, moved out, and got its own report. 

Read More about Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 
Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

The inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security is outGET THE REPORT
Skip to main content
Contact UsSupportBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
Events
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top