An xBOM or Extended Bill of Materials is a collection of multiple types of Bills of Materials (BOMs), or inventories relevant to a product. The different BOMs provide visibility into different domains based on the product being made.
For example, an xBOM for an application can include:
- SBOM: an inventory of software components
Whereas an xBOM for a device would include a different combination of inventories, for example:
Organizations need complete visibility into the software and hardware products being produced or purchased in an era of complex digital ecosystems and increasing cyber threats. xBOM enables deeper insight, traceability, and security across the entire lifecycle of a product, supporting compliance, resilience, and faster response to vulnerabilities.
xBOM provides a single artifact that collects the various BOMs created from multiple sources. For example, software-related BOMs can be created by analyzing the software stack using static code analysis, binary scanning, and configuration reviews. These BOMs can be produced and maintained through automated tools as part of secure development workflows or during third-party software evaluations. SaaSBOMs can be generated through a combination of API discovery, inventory mapping tools, software binary analysis, and integration with IT asset management or SaaS management platforms.
Hardware-related BOMs can be created from design software and component specifications, while BOMs related to product operations can capture details about configurations, operating systems, and other dependencies from testing, staging, or production environments.
Feature | xBOM | SBOM | SaaSBOM | CBOM |
---|---|---|---|---|
Software Components | yes | yes | yes | yes |
SaaS Dependencies | yes | no | yes | no |
Hardware Components | yes | no | no | no |
Cloud Services and Resources | yes | no | yes | no |
Cryptographic Assets | yes | no | no | yes |
Coverage Scope | Full-stack | Software-only | SaaS-focused | Cryptography |
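The aggregation described above and the coverage table can be made concrete with a small script. This is an added example, not code from ReversingLabs or from any BOM tooling: it merges constructed SBOM, SaaSBOM, CBOM and HBOM fragments into one xBOM artifact, tags every entry with its source and domain, de-duplicates, and then reports which rows of the feature table the resulting xBOM actually covers. The JSON shape (component objects with a `type`, SaaS entries under `services`, a `kind` field distinguishing SaaS from cloud resources) is loosely modeled on CycloneDX but is an assumption for this example, not a spec-exact document, and all component names and versions are made up.

```python
"""Merge per-domain BOMs into one xBOM and report coverage.

Added illustration. The input documents are constructed, simplified
fragments loosely modeled on CycloneDX; the field names are an
assumption for this example, not a spec-exact document.
"""
import json

# Domains from the feature table, keyed by the short tag used below.
DOMAINS = {
    "software": "Software Components",
    "saas": "SaaS Dependencies",
    "hardware": "Hardware Components",
    "cloud": "Cloud Services and Resources",
    "crypto": "Cryptographic Assets",
}

# Which domain a component lands in, keyed by its 'type' field
# (assumed type names; unknown types default to software).
TYPE_TO_DOMAIN = {
    "library": "software",
    "application": "software",
    "framework": "software",
    "device": "hardware",
    "firmware": "hardware",
    "cryptographic-asset": "crypto",
}

# Constructed input BOMs (made-up names and versions, not real inventories).
SBOM = {"bomFormat": "SBOM", "components": [
    {"type": "library", "name": "lodash", "version": "4.17.21"},
    {"type": "library", "name": "express", "version": "4.19.2"},
]}
CBOM = {"bomFormat": "CBOM", "components": [
    {"type": "cryptographic-asset", "name": "AES-256-GCM", "version": "n/a"},
]}
SAASBOM = {"bomFormat": "SaaSBOM", "services": [
    {"name": "payments-api", "provider": "example-saas", "kind": "saas"},
    {"name": "object-store", "provider": "example-cloud", "kind": "cloud"},
]}
HBOM = {"bomFormat": "HBOM", "components": [
    {"type": "device", "name": "example-mcu", "version": "rev-b"},
]}


def merge_xbom(*boms):
    """Aggregate all components and services from the given BOMs into a
    single xBOM, tagging each entry with its source BOM and domain and
    de-duplicating on (domain, name, version-or-provider)."""
    seen = set()
    entries = []
    for bom in boms:
        src = bom.get("bomFormat", "unknown")
        for comp in bom.get("components", []):
            domain = TYPE_TO_DOMAIN.get(comp.get("type"), "software")
            key = (domain, comp["name"], comp.get("version", ""))
            if key in seen:
                continue
            seen.add(key)
            entries.append({**comp, "domain": domain, "source": src})
        for svc in bom.get("services", []):
            domain = "cloud" if svc.get("kind") == "cloud" else "saas"
            key = (domain, svc["name"], svc.get("provider", ""))
            if key in seen:
                continue
            seen.add(key)
            entries.append({**svc, "domain": domain, "source": src})
    return {"bomFormat": "xBOM", "entries": entries}


def coverage_report(xbom):
    """Map each feature-table domain to True/False depending on whether
    the merged xBOM contains at least one entry for it. An xBOM is only
    as complete as the BOMs fed into it, so False rows are the gaps."""
    present = {e["domain"] for e in xbom["entries"]}
    return {label: (tag in present) for tag, label in DOMAINS.items()}


def missing_domains(xbom):
    """List the feature-table rows the xBOM does not cover."""
    return [label for label, ok in coverage_report(xbom).items() if not ok]


if __name__ == "__main__":
    full = merge_xbom(SBOM, SAASBOM, CBOM, HBOM)
    print(json.dumps(coverage_report(full), indent=2))
    partial = merge_xbom(SBOM, SAASBOM)
    print("Missing from partial xBOM:", missing_domains(partial))
```

Running the script shows the practical point behind the table: an xBOM built from only an SBOM and a SaaSBOM still reports no hardware or cryptographic coverage, so the coverage report is the check to run before treating an xBOM as "full-stack".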