ReversingGlass Video: How Software Supply Chains Go Wrong...in less then 5 minutes.
Watch Now
Read the LATEST Software Supply Chain Security Risk Report
Read Now
Webinar Alert! The Future of Complex Code Destruction
Register Now

Software Supply Chain Security (2)

Fake Roblox packages target npm with Luna Grabber info-stealing malware
August 22, 2023

Fake Roblox packages target npm with Luna Grabber info-stealing malware

ReversingLabs identified more than a dozen malicious packages targeting Roblox users on the npm public repository, recalling an attack from 2021.
Read More
Risk modeling initiative aims to expose the 'hiddenness of knowledge' in the supply chain
August 21, 2023

Risk modeling initiative aims to expose the 'hiddenness of knowledge' in the supply chain

GUAC-ALYTICs will model risk across open source software supply chain interdependencies using a new algorithmic engine. Here's what you need to know.
Read More
The Week in Security: Researchers hack 'unbreakable' card-shuffling hardware, Discord.io shut after breach
August 17, 2023

The Week in Security: Researchers hack 'unbreakable' card-shuffling hardware, Discord.io shut after breach

This week: Ocean's 1337, anyone? After a popular card shuffling machine was declared secure and unbreakable, security researchers from IOActive decided to take a closer look. What they found may (not) surprise you! Also: a vulnerability could be behind a breach that spilled info on more than 700,000 Discord users.
Read More
CISA's Secure by Design: Too much, too soon?
August 16, 2023

CISA's Secure by Design: Too much, too soon?

Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise.
Read More
6 things you may have missed at Hacker Summer Camp
August 15, 2023

6 things you may have missed at Hacker Summer Camp

Black Hat, DEF CON, and BSides (Hacker Summer Camp) is known for being information-overload for cybersecurity leaders and practitioners. Here are the sessions that stand out.
Read More
OWASP researcher: Supply chain attacks show organizations must shift beyond vulnerabilities
August 14, 2023

OWASP researcher: Supply chain attacks show organizations must shift beyond vulnerabilities

Researcher Jeremy Long says organizations need to shift from traditional app sec testing to tools that can remediate malicious threats.
Read More
The Week in Security: Cloudflare Tunnels abuse ramps up, U.K. voter data exposed
August 10, 2023

The Week in Security: Cloudflare Tunnels abuse ramps up, U.K. voter data exposed

This week: Hackers are increasingly abusing Cloudflare Tunnels for nefarious purposes. Also: Britons' data exposed in an Electoral Commission cyberattack. 
Read More
Do you trust your software? Why verification matters
August 8, 2023

Do you trust your software? Why verification matters

To manage risk, you need to trust your software — and that requires verification, provided by using modern tools and taking a holistic approach.
Read More
8 Black Hat sessions you don’t want to miss
August 7, 2023

8 Black Hat sessions you don’t want to miss

Black Hat USA is a showcase for top security experts and companies. Here's our short list of must-see sessions for 2023.
Read More
VMConnect: Malicious PyPI packages imitate popular open source modules
August 3, 2023

VMConnect: Malicious PyPI packages imitate popular open source modules

ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.
Read More
ReversingLabs @ Hacker Summer Camp: See you there
August 3, 2023

ReversingLabs @ Hacker Summer Camp: See you there

Every summer, teams congregate in Las Vegas to talk about all things cybersecurity. ReversingLabs has a lot going on. Here’s what we're up to at BSides, Black Hat, and DEF CON. 
Read More
Rust programming language progress report: New threat modeling, tools bolster supply chain security
August 1, 2023

Rust programming language progress report: New threat modeling, tools bolster supply chain security

Here's why the Rust Foundation Security Initiative's audit and resulting new tooling matter for secure coding — and software supply chain security.
Read More

SUBSCRIBE

Get our blog delivered to your in-box weekly to stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

Apple Devices as a Growing Attack Vector Apple Devices as a Growing Attack Vector
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: EPSS 3.0 + CVSS: Why Prioritizing Software Risk is Key ReversingGlass: EPSS 3.0 + CVSS: Why Prioritizing Software Risk is Key
Glassboard conversations with ReversingLabs Field CISO Matt Rose