CVE noise drowns out supply chain threats
48,000 CVEs were reported in 2025 — but just 58 were critical. A new report highlights why signal-to-noise ratio matters for AppSec.
Featured
CVE noise drowns out supply chain threats
31 Red Hat npm packages backdoored in 72 seconds
RL has discovered a new supply chain attack affecting 9.8M total downloads across Red Hat's Hybrid Cloud Console JavaScript ecosystem.
Forrester Names RL in Agentic Development Security Market
The new landscape report maps 35 vendors addressing an emerging category of risk: AI agents writing insecure code at machine speed.
Latest
CVE noise drowns out supply chain threats
48,000 CVEs were reported in 2025 — but just 58 were critical. A new report highlights why signal-to-noise ratio matters for AppSec.
31 Red Hat npm packages backdoored in 72 seconds
RL has discovered a new supply chain attack affecting 9.8M total downloads across Red Hat's Hybrid Cloud Console JavaScript ecosystem.
Forrester Names RL in Agentic Development Security Market
The new landscape report maps 35 vendors addressing an emerging category of risk: AI agents writing insecure code at machine speed.
5 lessons from vulnerability management's front lines
VM success is determined by findings reaching developers with context — which is getting more challenging. Here's why to shift gears.
Dependency attack takes down ed-tech platform at scale
The Canvas LMS supply chain compromise — which hit during finals week — shows the impact of cascading attacks.
Researcher's Notebook: Hunting Megalodon Fossils
Analyzing C2 responses from compromised GitHub Actions linked a current threat to an earlier one, showing the value of retrohunting.
GitHub breach: The development ecosystem is in the hot seat
This TeamPCP attack is a serious wakeup call about software supply chain security — and the problems with implicit trust.
AI agents are the new insider threat
AI security leader and author Steve Wilson explains why you need to rethink security — and treat AI agents as digital workers.
Hackers Abuse Parental Controls to Hijack Google Accounts
Learn how attackers are re-casting adults as minors to bypass recovery and lock users out.
Spectra Analyze, Spectra Core Update: Deeper Detection, Smarter Analysis
RL threat detection and binary analysis can now close the gap for threat hunters.
Shai-Hulud code drop: It’s open season for attacks
The npm malware's public release provides a ready-made blueprint for threat actors. Take action on supply chain security.
RL Joins NATO Locked Shields Cyber Event: 3 Takeaways
ReversingLabs joined defensive teams with its malware analysis platform. Here are key lessons.
Think AI agents are risky? Your underlying stack is too
To manage agentic AI risk, organizations need to focus more on the infrastructure they run on.
Mini Shai-Hulud tears at OSS trust
This latest compromises of popular and infrastructure-level npm packages are rocking the foundations open source.
How Dirty Frag rose from the Copy Fail exploit
RL documented 163 samples of the Linux exploit's new variants, active malware — and developed YARA rules.