Two recent versions of the Solana web3.js open source library were infected with code to steal private keys, putting crypto platforms and wallets at risk.
Read More about Malware found in Solana npm library raises the bar for crypto security
The incident demonstrates how machine learning-based threat hunting can help development teams spot threats other tools miss.
Read More about Malicious PyPI crypto pay package aiocpa implants infostealer code
Three versions of the popular package were infected and used to spread malicious code that was stealing crypto wallet assets.
Read More about Differential analysis raises red flags over @lottiefiles/lottie-player.webp&w=3840&q=75)
In a new ConversingLabs podcast, the independent security researcher talks about his early entry into the field — and his latest connected-car research.
Read More about When hackers get hacked: Sam Curry on his career — and his latest research
RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.
Read More about Fake recruiter coding tests target devs with malicious Python packages
Malware authors upped their game, using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code, RL researchers found.
Read More about Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs
The history of the package is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.
Read More about Malicious npm package targets AWS users
RL discovered what appeared to be a malicious downloader on PyPI. It turned out to be red teaming — but highlights a growing problem for threat detection.
Read More about Python downloader highlights noise problem in open source threat detection
There is no foolproof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three.
Read More about XZ Trojan highlights software supply chain risk posed by 'sock puppets'
Two newly discovered extensions on the VS Code Marketplace are designed to steal sensitive information, showing that open source attacks are expanding.
Read More about Malicious helpers: VS Code Extensions observed stealing sensitive information
Here's what the RL research team knows about the suspicious SqzrFramework480 campaign, which is still available on the NuGet repository.
Read More about Suspicious NuGet package grabs data from industrial systems
RL has discovered a campaign using PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases, which are used for wallet recovery.
Read More about BIPClip: Malicious PyPI packages target crypto wallet recovery passwords
How to apply YARA rules for threat detection, searching, hunting and more.
Read More about Level up your YARA game
RL discovered two malicious packages and a subsequent larger campaign, showing that the approach is an emerging software supply chain attack method.
Read More about Attackers leverage PyPI to sideload malicious DLLs
ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.
Read More about GitGot: GitHub leveraged by cybercriminals to store stolen data