ReversingLabs Accelerates Strategy to Secure Software Supply Chain, Appoints Peter Doggart as Chief Operating Officer
Read More
Secrets Exposed: An Essential Guide to Securing Secrets in Software
Read eBook
New App Sec Series | Software Package Deconstruction
Learn More
ReversingLabs and Synopsys Join Forces to Combat Software Supply Chain Threats
Learn More

Threat Research (2)

How to harden machine learning models against adversarial attacks
January 5, 2023

How to harden machine learning models against adversarial attacks

As machine learning attacks become more sophisticated, it is imperative to harden ML models and reduce the adversary’s ability to evade detection systems. 
Read More
SentinelSneak: Malicious PyPI module poses as security software development kit
December 19, 2022

SentinelSneak: Malicious PyPI module poses as security software development kit

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.
Read More
W4SP continues to nest in PyPI: Same supply chain attack, different distribution method
December 1, 2022

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Here's ReversingLabs' discoveries and indicators of compromise (IOCs) for W4SP, as well as links to our YARA rule that can be used to detect the malicious Python packages in your environment. 
Read More
ZetaNile: Open source software trojans from North Korea
December 1, 2022

ZetaNile: Open source software trojans from North Korea

ReversingLabs Malware Researcher Joseph Edwards takes a deep dive into ZetaNile, a set of open-source software trojans being used by Lazarus/ZINC.
Read More
Writing detailed YARA rules for malware detection
November 14, 2022

Writing detailed YARA rules for malware detection

New malware appears or evolves daily, so updating tools like YARA rules for detection is critical. Here's how my research team develops YARA rules.
Read More
Gaps in the NVD increase U.S. cyber threat
September 26, 2022

Gaps in the NVD increase U.S. cyber threat

Discrepancies in national vulnerability database reports show the U.S. lags behind China, possibly exposing U.S. firms to cyber attacks, Sophos finds.
Read More
Threat analysis: Malicious npm package mimics Material Tailwind CSS tool
September 23, 2022

Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

ReversingLabs has discovered a malicious npm package disguised as the software tool Material Tailwind. Here's an in-depth look at our discovery — and threat analysis. (Updated with MachO executable information.)
Read More
ConversingLabs: Unpacking the Follina exploit
September 8, 2022

ConversingLabs: Unpacking the Follina exploit

In this ConversingLabs podcast, Paul Roberts interviews ReversingLabs researcher Joseph Edwards about his analysis of Follina, a newly discovered exploit. 
Read More
New malicious packages in PyPI: What it means for securing open source repositories
August 29, 2022

New malicious packages in PyPI: What it means for securing open source repositories

After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.
Read More
How abuse.ch evolved into an essential threat hunting platform
August 24, 2022

How abuse.ch evolved into an essential threat hunting platform

When Roman Hüssy started abuse.ch, it began as a simple threat research blog. Now, the project offers an open source threat hunting platform to users worldwide.
Read More
GwisinLocker ransomware targets South Korean industrial and pharma firms
August 9, 2022

GwisinLocker ransomware targets South Korean industrial and pharma firms

GwisinLocker is a new ransomware family that targets Linux in industrial and pharma companies with sophisticated "double extortion" ransomware campaigns. 
Read More
Threat analysis: Follina exploit fuels 'live-off-the-land' attacks
July 27, 2022

Threat analysis: Follina exploit fuels 'live-off-the-land' attacks

An analysis of three in-the-wild payloads delivered using the Follina exploit shows how attackers can boost efforts to avoid detection by security tools. 
Read More

SUBSCRIBE

Get the Best of the ReversingLabs newsletter delivered to your in-box weekly to stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

ConversingLabs Cafe: Chris Romeo on the state of application security ConversingLabs Cafe: Chris Romeo on the state of application security
Conversations About Threat Hunting and Software Supply Chain Security
Behaviors & Diffs: Better Together for Software Supply Chain Security Behaviors & Diffs: Better Together for Software Supply Chain Security
Glassboard conversations with ReversingLabs Field CISO Matt Rose
Software Package Deconstruction: Deconstructing UPS Ship Manager Software Package Deconstruction: Deconstructing UPS Ship Manager
Analyzing Risks To Your Software Supply Chain