Blog | ReversingLabs | Threat Research (2)

October 31, 2023

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

RL has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.

October 4, 2023

Typosquatting campaign delivers r77 rootkit via npm

One “s” is all that separates a legitimate npm package from a malicious twin that delivered the r77 rootkit, and was downloaded more than 700 times, ReversingLabs researchers discovered.

September 28, 2023

What we know about BlackCat and the MGM hack

Ransomware-as-a-service gang ALPHV/BlackCat carried out a sophisticated attack on the hotel and casino giant MGM. Here’s what the RL threat team knows.

September 5, 2023

Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks

RL threat researchers have discovered multiple malicious campaigns on open repositories recently. Join the Webinar to discuss key takeaways.

August 31, 2023

VMConnect supply chain attack continues, evidence points to North Korea

ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, and evidence linking the campaign to North Korean threat actors.

August 22, 2023

Fake Roblox packages target npm with Luna Grabber info-stealing malware

ReversingLabs identified more than a dozen malicious packages targeting Roblox users on the npm public repository, recalling an attack from 2021.

August 3, 2023

VMConnect: Malicious PyPI packages imitate popular open source modules

ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.

July 27, 2023

More malicious npm packages found in wake of JumpCloud supply chain hack

ReversingLabs researchers uncovered evidence of more malicious npm packages beyond those already disclosed — and conclude that the attack is still active.

July 6, 2023

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.

June 1, 2023

When byte code bites: Who checks the contents of compiled Python files?

ReversingLabs researchers identified a PyPI attack using compiled Python code to evade detection — possibly the first PYC file direct-execution attack.

May 18, 2023

RATs found hiding in the npm attic

ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an infostealer that lurked on npm for months before being detected.

May 9, 2023

Red teamers take on AI at DEF CON 31

It takes a village... In Las Vegas, researchers play capture the flag to find vulnerabilities in tools like ChatGPT — with a White House assist.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Threat Research (2)

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

Typosquatting campaign delivers r77 rootkit via npm

What we know about BlackCat and the MGM hack

Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks

VMConnect supply chain attack continues, evidence points to North Korea

Fake Roblox packages target npm with Luna Grabber info-stealing malware

VMConnect: Malicious PyPI packages imitate popular open source modules

More malicious npm packages found in wake of JumpCloud supply chain hack

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

When byte code bites: Who checks the contents of compiled Python files?

RATs found hiding in the npm attic

Red teamers take on AI at DEF CON 31

Topics

Special Reports

The State of Software Supply Chain Security 2024

Upcoming Webinars

ConversingLabs

Threat Research (2)

Topics

Follow us

Subscribe

Special Reports