ReversingLabs explained how attackers often use multiple platforms to spread their malware, creating a more extensive attack surface that targets developers across ecosystems.
In a report by Reversing Labs, researchers say the malicious extensions first appeared in the VSCode marketplace in October.
Lessons learned from the headline-grabbing cybersecurity incidents of 2024
Cybersecurity researchers at ReversingLabs found that hackers used malicious code to combine the Ultralytics AI library to mine cryptocurrency.
In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner.
Reversing Labs researchers identified and reported the threat, leading to its removal from the PyPI.
Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step of using a mature software supply chain security solution to ensure they're not blindly trusting a provider's software.
This episode of Safe Mode explores the critical issue of software supply chain security with Saša Zdjelar, ReversingLabs’ chief trust officer.
Threats to software supply chains are eroding the existing enterprise software procurement model, so it’s time for a change.
-1400x732.webp&w=3840&q=75)
Saša Zdjelar of ReversingLabs, explains why SBOM are a good first start, but aren’t enough to deliver secure software.
According to ReversingLabs, the hackers behind the effort are luring developers with fake job offers and instructing them to download PyPI packages with obfuscated malware from GitHub repositories as part of coding tests.
New research from Reversing Labs shows that the Lazarus Group is continuing its campaign of tempting targeting developers with malicious software packages on open-source repositories by posing as employees of the financial services firm Capital One.
North Korean attackers pose as recruiters for financial firms to lure developers into executing trojanized Python projects on their machines as part of fake job interviews.
Lazarus Group has been observed continuing its VMConnect campaign by targeting developers with new malicious software packages on open source repositories, according to ReversingLabs.
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments.