Webinar | Delivering Threat Analysis Beyond VirusTotal's Reach
Save Your Seat
ReversingLabs is the #1 Alternative to VirusTotal
Learn Why
New White Paper | The Monsters in Your Software Supply Chain
Read Now

Threat Research

Protestware taps npm to call out wars in Ukraine, Gaza
November 16, 2023

Protestware taps npm to call out wars in Ukraine, Gaza

ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.
Read More
IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations
October 31, 2023

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

RL has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.
Read More
Typosquatting campaign delivers r77 rootkit via npm
October 4, 2023

Typosquatting campaign delivers r77 rootkit via npm

One “s” is all that separates a legitimate npm package from a malicious twin that delivered the r77 rootkit, and was downloaded more than 700 times, ReversingLabs researchers discovered.
Read More
What we know about BlackCat and the MGM hack
September 28, 2023

What we know about BlackCat and the MGM hack

Ransomware-as-a-service gang ALPHV/BlackCat carried out a sophisticated attack on the hotel and casino giant MGM. Here’s what the RL threat team knows.
Read More
Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks
September 5, 2023

Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks

RL threat researchers have discovered multiple malicious campaigns on open repositories recently. Join the Webinar to discuss key takeaways.
Read More
VMConnect supply chain attack continues, evidence points to North Korea
August 31, 2023

VMConnect supply chain attack continues, evidence points to North Korea

ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, and evidence linking the campaign to North Korean threat actors.
Read More
Fake Roblox packages target npm with Luna Grabber info-stealing malware
August 22, 2023

Fake Roblox packages target npm with Luna Grabber info-stealing malware

ReversingLabs identified more than a dozen malicious packages targeting Roblox users on the npm public repository, recalling an attack from 2021.
Read More
VMConnect: Malicious PyPI packages imitate popular open source modules
August 3, 2023

VMConnect: Malicious PyPI packages imitate popular open source modules

ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.
Read More
More malicious npm packages found in wake of JumpCloud supply chain hack
July 27, 2023

More malicious npm packages found in wake of JumpCloud supply chain hack

ReversingLabs researchers uncovered evidence of more malicious npm packages beyond those already disclosed — and conclude that the attack is still active.
Read More
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
July 6, 2023

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
Read More
When byte code bites: Who checks the contents of compiled Python files?
June 1, 2023

When byte code bites: Who checks the contents of compiled Python files?

ReversingLabs researchers identified a PyPI attack using compiled Python code to evade detection — possibly the first PYC file direct-execution attack.
Read More
RATs found hiding in the npm attic
May 18, 2023

RATs found hiding in the npm attic

ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an infostealer that lurked on npm for months before being detected.
Read More

SUBSCRIBE

Get our blog delivered to your in-box weekly to stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

ConversingLabs: The State of Open Source Software Security ConversingLabs: The State of Open Source Software Security
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: SBOMS and threat modeling ReversingGlass: SBOMS and threat modeling
Glassboard conversations with ReversingLabs Field CISO Matt Rose
Software Package Deconstruction: Video Conferencing Software Software Package Deconstruction: Video Conferencing Software
Analyzing Risks To Your Software Supply Chain