NuGet malware targets Nethereum tools
Highlighting an alarming trend, RL has discovered malicious packages targeting crypto wallets and OAuth tokens to steal funds.
Featured
NuGet malware targets Nethereum tools
NDAA puts AI cyber risk in the crosshairs
What does the future of AI security look like? The latest National Defense Authorization Act gives us a glimpse.
Leveraging Spectra Assure and EDR to Mitigate Third-Party Software Risk
Here’s how to create a compensating control in Crowdstrike to mitigate specific risks in a commercial software package.
Latest
NuGet malware targets Nethereum tools
Highlighting an alarming trend, RL has discovered malicious packages targeting crypto wallets and OAuth tokens to steal funds.
Leveraging Spectra Assure and EDR to Mitigate Third-Party Software Risk
Here’s how to create a compensating control in Crowdstrike to mitigate specific risks in a commercial software package.
NDAA puts AI cyber risk in the crosshairs
What does the future of AI security look like? The latest National Defense Authorization Act gives us a glimpse.
VS Code extensions contain trojan-laden image
RL researchers have identified 19 malicious extensions on the VS Code Marketplace — the majority containing a malicious file posing as a PNG.
New Shai-hulud worm spreads: What to know
A wave of malware has spread to 795 npm packages — and been downloaded more than 100 million times.
5 ways AI will transform the SOC
AI will reshape SecOps by tackling alert fatigue and streamlining workflows, for starters. Here’s what to expect.
Security frameworks fail on supply chain risk
Researchers studied how well the top frameworks mitigate modern attack techniques. They found serious security gaps.
Why AI and cloud-native are security game-changers
Yesterday's security practices can't tackle today's risks, a new CSA guide notes — making updating tooling essential.
RL Threat Intelligence: Context Changes Everything
Learn how the ReversingLabs Browser Extension operationalizes RL threat intelligence cloud in powerful ways.
Bootstrap script exposes PyPI to domain takeover attacks
Proving the road to takeover is paved with setuptools alternatives, the script for a popular Python package for building and installing PyPI packages leaves them vulnerable.
OWASP Top 10 tackles supply chain risk
The Open Worldwide Application Security Project’s widely used AppSec priority list is expanding to cover systemic risk.
Software quality's decline: How AI accelerates it
Development is in freefall toward software entropy and insecurity. Can spec-driven development help?
CTEM advances vulnerability management
Gartner's Continuous Threat Exposure Management model represents an evolution from CVSS. Here’s what you need to know.
Vet PowerShell Modules with Spectra Assure Community
PowerShell's broad use and open access make it an attractive target for supply chain attacks. Here's how Spectra Assure Community can help.
AI vulnerability reporting fails maintainers
Google and others are inundating developers with AI-driven reporting. Are AI-enabled fixes the answer?