
AI-BOM minimum elements proposal builds on SBOM lessons
The Institute for Security and Technology's 'Driving AI Transparency' policy paper makes the case for defining AI supply chain visibility.

The Institute for Security and Technology's 'Driving AI Transparency' policy paper makes the case for defining AI supply chain visibility.

RL recently discovered active Microsoft 365 device code phishing. Here's a walkthrough of how our researchers found the campaign.

While this repository vector is not new, researchers have uncovered a new twist for exploiting trusted metrics to hide malicious code.

The Institute for Security and Technology's 'Driving AI Transparency' policy paper makes the case for defining AI supply chain visibility.

RL recently discovered active Microsoft 365 device code phishing. Here's a walkthrough of how our researchers found the campaign.

While this repository vector is not new, researchers have uncovered a new twist for exploiting trusted metrics to hide malicious code.

Explore the new Gartner® Magic Quadrant™ for software supply chain security and learn why ReversingLabs is recognized.

The Life and Times of Cybersecurity Professionals study highlights a trend that has accelerated as cyber has become more complex.

The Magic Quadrant™ for Software Supply Chain Security is a 45-minute read. Here's what we feel security leaders need to pull from it.

SSCS is a footnote that grew up, moved out, and got its own report.

With a ‘vulnpocalypse’ expected, AppSec leaders are calling for the companies to invest in a Great Refactor Fund to secure open source.

SecOps leaders must tackle cost and risk to deliver autonomous vulnerability operations. But with frontier AI, it's critical.

The first Magic Quadrant™ for Software Supply Chain Security comes as, we feel, the demand for greater supply chain visibility explodes.

Agentic AI is moving the perimeter from components to data — and most strategies aren't built for that.

Coding agents are privileged insiders — with keys to CI/CD pipelines even as they give rise to ‘slopsquatting.’ Here’s how to govern them.

Disabling scripts by default closes the vector worms like Shai-Hulud rely on. Here's what the update fixes — and what it doesn't.

The Microsoft 365 phishing campaign persuades victims to complete a real authentication process that authorizes an attacker-controlled device.

RL has documented CVE-2026-46316, and developed two YARA rules to help detect exploits of the multi-tenant cloud vulnerability.
Get your 14-day free trial of Spectra Assure for Software Supply Chain Security
Get Free TrialMore about Spectra Assure Free Trial