RL Blog
September 25, 2025

CVE-Genie raises stakes in the vulnerability race

While security defenders welcomed the new vulnerability-validation tool, others stress it can be just as useful for would-be attackers.

September 24, 2025

Shai-hulud attack: Don’t let worms eat DevOps

As the development community chalks up the npm worm as just another bad day, bigger questions remain about the software supply chain ecosystem.  

September 23, 2025

Deadlines vs. secure code: How AppSec can cope

AI coding and other modern development practices mean flawed code will continue to ship. Here are key recommendations for managing software risk.

September 18, 2025

CISA’s SBOM standards: Beyond checkbox security

The new guidance would raise the bar for software vendors, who will need to ensure the SBOMs they generate are more detailed and machine-readable.

September 17, 2025

How AI coding can learn to do secure software

If you train ML models, they can learn to write more secure code. But the quality of the training data is only as good as your AppSec tooling.

September 16, 2025

Trustworthy AI is key: 9 key threat categories

CSA’s AI Controls Matrix can help development and AppSec teams distill priorities for securing the AI software supply chain.

September 11, 2025

CISA tool aims to boost security for software onboarding

The new procurement tool seeks to strengthen third-party software risk management (TPSRM). But the process is manual and cumbersome.

September 10, 2025

ActiveState and RL: Unlocking Software Supply Chain Security

Learn how ActiveState and ReversingLabs integration automates secure component sourcing, secure software releases, remediation guidance, and policy enforcement.

September 9, 2025

Ransomware 2025: Infostealers on the March

RL’s Ransomware Feed data from the first half of the year shows a jump in early-stage threats like infostealers — and a drop in Trojans.

September 9, 2025

Crypto wallets hit in widespread npm, GitHub hack

A phishing campaign against maintainers resulted in malware distribution via JavaScript in top open-source packages.

September 4, 2025

PyPI domain resurrection fix: Why it matters

With attacks on popular repositories on the rise, PyPI has moved to head off a common technique for duping developers. Here’s what it accomplishes — and where there’s room for improvement.

September 3, 2025

Ethereum contracts push malware on npm

RL discovered how the crypto contracts were abused — and how this incident is tied to a larger campaign to promote malicious packages on top repositories.

September 2, 2025

The future is here: AI-assists new ransomware

ESET researchers have discovered malware that taps into OpenAI’s large language model to assist in ransomware attacks.

August 28, 2025

Threat actors claim VS Code extension names

RL has discovered a loophole on VS Code Marketplace that allows threat actors to reuse legitimate, removed package names for malicious purposes. 

August 27, 2025

How DPE boost development — and AppSec

Developer Productivity Engineering provides a framework to boost code production and creativity — and can help to improve application security.

April 14, 2026

Why RL Built Spectra Assure Community

We set out to help dev and AppSec teams secure the village: OSS dependencies, malware, more. Learn how.
