Blog | ReversingLabs | Dev & DevSecOps (3)

Dev & DevSecOps (3)

June 27, 2023

Hackers breached UPS data for SMS phish spree

It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.

June 21, 2023

Passkeys standard: Time to add it to your dev plans?

Forward-thinking DevOps shops are doing it already. Isn’t it time your team got on board?

June 13, 2023

MOVEit software exploit walks before it runs

Cl0p quietly tested the flaw for two years before launching the full exploit. Lesson: Look both ways before crossing.

June 7, 2023

What's the difference between app sec and supply chain security? It's all in the hack

Field CISO Matt Rose explains in this week's ReversingGlass episode the difference between application security hacks and software supply chain hacks.

June 6, 2023

PyPI hackers code sneaky new tactic. Researchers caught 'em red handed

Compiled-code behavior analysis beats old-skool app sec tools.

June 1, 2023

When byte code bites: Who checks the contents of compiled Python files?

ReversingLabs researchers identified a PyPI attack using compiled Python code to evade detection — possibly the first PYC file direct-execution attack.

June 1, 2023

The state of app sec with Chris Romeo: The year of the application is near

ConversingLabs caught up with Chris Romeo of Kerr Ventures at RSA Conference 2023 to talk about the state of application security. Watch (or listen) — and learn.

May 31, 2023

‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?

Experts warn ChatGPT-based coding could do to us what an asteroid did to the dinosaurs. Hype — or heads-up to reckon with?

May 30, 2023

Can AI-based software supply chain risk be tamed by NeMo Guardrails?

Here's a look at this first example of tools to manage the risk from generative AI — and analysis of the scope of that risk to the software supply chain.

May 23, 2023

PyPI paused as automated attack overwhelms admins

Python Package Index was flooded with malicious typo-squatting packages. Weekend warriors quit defense and hit the pause button.

May 9, 2023

Red teamers take on AI at DEF CON 31

It takes a village... In Las Vegas, researchers play capture the flag to find vulnerabilities in tools like ChatGPT — with a White House assist.

May 9, 2023

SLSA 1.0 delivers build provenance: What application security teams need to know

OpenSSF's updated Supply-chain Levels for Software Artifacts is an essential tool, but experts say it's not a comprehensive supply chain security tool.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Dev & DevSecOps (3)

Hackers breached UPS data for SMS phish spree

Passkeys standard: Time to add it to your dev plans?

MOVEit software exploit walks before it runs

What's the difference between app sec and supply chain security? It's all in the hack

PyPI hackers code sneaky new tactic. Researchers caught 'em red handed

When byte code bites: Who checks the contents of compiled Python files?

The state of app sec with Chris Romeo: The year of the application is near

‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?

Can AI-based software supply chain risk be tamed by NeMo Guardrails?

PyPI paused as automated attack overwhelms admins

Red teamers take on AI at DEF CON 31

SLSA 1.0 delivers build provenance: What application security teams need to know

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Dev & DevSecOps (3)

Topics

Follow us

Subscribe

Special Reports