Explore ReversingLabs Software Supply Chain Security's New Secrets Capabilities
LEARN MORE
Forrester Report: The Software Composition Analysis Landscape, Q1 2023 
LEARN MORE
eBook: Why Traditional App Sec Testing Fails on Supply Chain Security
READ NOW

Threat Research

VS Code hack shows how supply chain attacks can extend to other software development tools
March 27, 2023

VS Code hack shows how supply chain attacks can extend to other software development tools

The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.
Read More
PyPI repo poisoned with "Colour-Blind" RAT
March 9, 2023

PyPI repo poisoned with "Colour-Blind" RAT

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.
Read More
Developers beware: Imposter HTTP libraries lurk on PyPI
February 22, 2023

Developers beware: Imposter HTTP libraries lurk on PyPI

ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries.
Read More
Lesson from Core-JS: Beware hidden dependencies from indebted Russian developers
February 21, 2023

Lesson from Core-JS: Beware hidden dependencies from indebted Russian developers

Denis Pushkarev has big debts — and his code is everywhere. The supply chain security alarm should be at DEFCON 2 by now. We sum it up at fast pace.
Read More
Open-source repository malware sows Havoc
February 9, 2023

Open-source repository malware sows Havoc

Aabquerys is a malicious npm package discovered typosquatting on a legitimate npm module that downloads malicious components, ReversingLabs discovered.
Read More
Leaky app gives researcher 'total, global control' over the Toyota supplier network
February 8, 2023

Leaky app gives researcher 'total, global control' over the Toyota supplier network

A researcher discovered a JsonWebToken flaw in a Toyota app that gave access to corporate user accounts, as well as suppliers — and even Toyota parts. 
Read More
The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine
February 2, 2023

The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine

Russia-affiliated Sandworm is using malware strains to attack entities in Ukraine. Also: A massive Yandex code leak reveals the ranking factors of Russia’s search engines.
Read More
How to harden machine learning models against adversarial attacks
January 5, 2023

How to harden machine learning models against adversarial attacks

As machine learning attacks become more sophisticated, it is imperative to harden ML models and reduce the adversary’s ability to evade detection systems. 
Read More

SUBSCRIBE

Get the best of the ReversingLabs Blog delivered to your in-box weekly.