June 1, 2023
ReversingLabs researchers identified a PyPI attack using compiled Python code to evade detection — possibly the first PYC file direct-execution attack.
May 18, 2023
ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an infostealer that lurked on npm for months before being detected.
May 9, 2023
It takes a village... In Las Vegas, researchers play capture the flag to find vulnerabilities in tools like ChatGPT — with a White House assist.
April 24, 2023
What’s in a name? Here's how bad actors are pushing malware on the Python Package Index under the guise of legitimate yet abandoned open source modules.
March 30, 2023
The VOIP software vendor missed signs that its client software had been tampered with before it pushed the update to customers.
March 27, 2023
The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.
March 9, 2023
Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.
February 22, 2023
ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries.
February 21, 2023
Denis Pushkarev has big debts — and his code is everywhere. The supply chain security alarm should be at DEFCON 2 by now. We sum it up at fast pace.
February 9, 2023
Aabquerys is a malicious npm package discovered typosquatting on a legitimate npm module that downloads malicious components, ReversingLabs discovered.
February 8, 2023
A researcher discovered a JsonWebToken flaw in a Toyota app that gave access to corporate user accounts, as well as suppliers — and even Toyota parts.
February 2, 2023
The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine
Russia-affiliated Sandworm is using malware strains to attack entities in Ukraine. Also: A massive Yandex code leak reveals the ranking factors of Russia’s search engines.