January 5, 2023
As machine learning attacks become more sophisticated, it is imperative to harden ML models and reduce the adversary’s ability to evade detection systems.
December 19, 2022
A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.
December 1, 2022
Here's ReversingLabs' discoveries and indicators of compromise (IOCs) for W4SP, as well as links to our YARA rule that can be used to detect the malicious Python packages in your environment.
December 1, 2022
ReversingLabs Malware Researcher Joseph Edwards takes a deep dive into ZetaNile, a set of open-source software trojans being used by Lazarus/ZINC.
November 14, 2022
New malware appears or evolves daily, so updating tools like YARA rules for detection is critical. Here's how my research team develops YARA rules.
September 26, 2022
Discrepancies in national vulnerability database reports show the U.S. lags behind China, possibly exposing U.S. firms to cyber attacks, Sophos finds.
September 23, 2022
ReversingLabs has discovered a malicious npm package disguised as the software tool Material Tailwind. Here's an in-depth look at our discovery — and threat analysis. (Updated with MachO executable information.)
September 8, 2022
In this ConversingLabs podcast, Paul Roberts interviews ReversingLabs researcher Joseph Edwards about his analysis of Follina, a newly discovered exploit.
August 29, 2022
After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.
August 24, 2022
When Roman Hüssy started abuse.ch, it began as a simple threat research blog. Now, the project offers an open source threat hunting platform to users worldwide.
August 9, 2022
GwisinLocker is a new ransomware family that targets Linux in industrial and pharma companies with sophisticated "double extortion" ransomware campaigns.
July 27, 2022
An analysis of three in-the-wild payloads delivered using the Follina exploit shows how attackers can boost efforts to avoid detection by security tools.