RL Blog

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Mario Vuksan

Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 

SSCS is a footnote that grew up, moved out, and got its own report. 

Read More about Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 
Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

The inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security is outGET THE REPORT
Skip to main content
Contact UsSupportBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
EventsBlack Hat 2026
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu
AppSec & Supply Chain SecurityDecember 22, 2022

The Week in Security: Okta says source code stolen. Also: SentinelSneak: PyPi moduel poses as security SDK

Welcome to the latest edition of The Week in Security, which brings you the latest headlines across the full stack of security: application security; cybersecurity; and beyond.

smiling woman with glasses
Carolynn van Arsdale, Writer, ReversingLabs.Carolynn van Arsdale
FacebookFacebookXX / TwitterLinkedInLinkedInblueskyBlueskyEmail Us
The Week in Security: Okta says source code stolen. Also: SentinelSneak: PyPi moduel poses as security SDK

This week: Okta is hit with a supply chain attack incident involving its private GitHub repositories. Also: ReversingLabs researchers discover a malicious PyPI package posing as a SentinelOne SDK client.

This Week’s Top Story

Okta closes out tough 2022 with supply chain hack

Okta, an American identity and access management company, is the victim of a supply chain attack, capping a year that has seen the company struggle with multiple security incidents. BleepingComputer reports that Okta’s private GitHub repositories were hacked and the company's source code stolen this month.

A subsequent, unsigned blog post on Okta's website said that GitHub alerted Okta earlier in the month of suspicious access to Okta’s code repositories. Okta confirmed that this suspicious access was used to copy code from the company's private GitHub repositories for the Okta Workforce Identity Cloud (WIC) product. The company said that the malicious actors did not have access to customer data or Okta’s production services and didn't pose an immediate threat to customers, as the security of Okta's code is not based on it being secret. In the statement, Okta said that its “HIPAA, RedRAMP or DoD customers” were not impacted by the incident, and that Okta itself does not anticipate any disruption to their business as a result.

However, the company's statement also hints at the possible extent of the breach. Okta is placing temporary restrictions on access to its GitHub repositories and has suspended all GitHub integrations with third-party applications. The company is also reviewing "all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure," reviewing "all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code," and notified law enforcement.

It has been a tough year for the identity provider. The theft of the code is the second supply chain attack this year, following an incident in September involving a breach of Okta's subsidiary service Auth0’s code repositories. The hacking group Lapsus$ claimed in March that it hacked Okta’s administrative consoles and customer data. Okta later apologized for not properly disclosing the Lapsus$ hack.

Okta’s CSO said that the company is trying to commit to “transparency and partnership” with its customers by sharing the details of this incident in a timely manner.

News Roundup

Here are the stories we’re paying attention to this week…

Malicious PyPI package found posing as SentinelOne SDK (The Register)

ReversingLabs reverse engineer Karlo Zanki discovered a rapidly updated malicious Python package on PyPI masquerading as a legitimate software-development kit (SDK) from cybersecurity firm SentinelOne that actually contains malware designed to exfiltrate data from infected systems. Read more about the incident in Karlo's blog post.

Russian APT Gamaredon changes tactics in attacks targeting Ukraine (Security Week)

Russia-linked Gamaredon, a hacking group known for providing services to other advanced persistent threat (APT) actors, is one of the most intrusive, continuously active APTs targeting Ukraine, Palo Alto Networks’ Unit 42 warns.

Ransomware hackers using new way to bypass MS Exchange ProxyNotShell mitigations (The Hacker News)

Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA).

Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days (Krebs on Security)

Ecco, a global shoe manufacturer and retailer, exposed millions of documents. Not only could anyone have modified the data, but the server misconfiguration’s severity likely left the company open to an attack that could have affected customers all over the world.

Why security teams shouldn't snooze on MFA fatigue (DarkReading)

Security professionals should pay attention to MFA fatigue, also known as an MFA bombing attack, which is a type of social engineering scheme where a cybercriminal sends multiple MFA requests — sometimes in the dead of night — in the hope of frustrating a legitimate user.

Keep learning

  • Learn how Gartner® named RL a supply chain security 'visionary.' Download: Gartner® Magic Quadrant™ for Software Supply Chain Security.
  • Get key insights into why Gartner® identified binary analysis as a must-have control in its recent CISO Playbook for Commercial Software Supply Chain Security.
  • Get up to speed on the Agentic Development Security tools landscape in this webinar with Forrester Sr. Analyst Janet Worthington.
  • Take a deep dive on the state of software security with RL's Software Supply Chain Security Report 2026. Plus: See the the webinar discussing the findings.

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

Plus: Join the free Spectra Assure Community today to get hands-on with RL's binary analysis-based software supply chain security platform.

Tags:AppSec & Supply Chain Security

More Blog Posts

5 takeaways

2026 Gartner® Magic Quadrant™ for Software Supply Chain Security: 5 takeaways

The Magic Quadrant™ for Software Supply Chain Security is a 45-minute read. Here's what we feel security leaders need to pull from it.

Learn More about 2026 Gartner® Magic Quadrant™ for Software Supply Chain Security: 5 takeaways
2026 Gartner® Magic Quadrant™ for Software Supply Chain Security: 5 takeaways
OSS security

Should frontier AI firms fund OSS ecosystem security?

With a ‘vulnpocalypse’ expected, AppSec leaders are calling for the companies to invest in a Great Refactor Fund to secure open source.

Learn More about Should frontier AI firms fund OSS ecosystem security?
Should frontier AI firms fund OSS ecosystem security?
Agentic AI architecture

Agentic AI risk isn't a model problem. It's an architecture problem.

Agentic AI is moving the perimeter from components to data — and most strategies aren't built for that.

Learn More about Agentic AI risk isn't a model problem. It's an architecture problem.
Agentic AI risk isn't a model problem. It's an architecture problem.
AI coding agents

The race to secure AI coding: 4 steps to rein agents in

Coding agents are privileged insiders — with keys to CI/CD pipelines even as they give rise to ‘slopsquatting.’ Here’s how to govern them.

Learn More about The race to secure AI coding: 4 steps to rein agents in
The race to secure AI coding: 4 steps to rein agents in

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top