Cyberscoop: Hugging Face platform continues to be plagued by vulnerable ‘pickles’
A widely used python module for machine-learning developers can be loaded with malware and bypass detection measures.
Cyberscoop: Hugging Face platform continues to be plagued by vulnerable ‘pickles’
CyberWire Daily: Crypto client or cyber trap?
Olympic scammers go for gold.
TechRadar: New attacks exploit VSCode extensions and npm packages
Developers targeted by malicious Microsoft VSCode extensions
Forbes: Warning Crypto Investors—This Malicious Code Could Empty Your Wallet
ReversingLabs explained how attackers often use multiple platforms to spread their malware, creating a more extensive attack surface that targets developers across ecosystems.
Bleeping Computer: Malicious Microsoft VSCode extensions target devs, crypto community
In a report by Reversing Labs, researchers say the malicious extensions first appeared in the VSCode marketplace in October.
The Last Watchdog: Lessons learned from the headline-grabbing cybersecurity incidents of 2024
Lessons learned from the headline-grabbing cybersecurity incidents of 2024
HackRead: Ultralytics AI library with 60M downloads compromised for cryptomining
Cybersecurity researchers at ReversingLabs found that hackers used malicious code to combine the Ultralytics AI library to mine cryptocurrency.
The Hacker News: Supply chain compromise of Ultralytics AI library results in trojanized versions
In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner.
Infosecurity Magazine: Malicious PyPI package exposes crypto wallets to infostealer code
Reversing Labs researchers identified and reported the threat, leading to its removal from the PyPI.
Dark Reading: Going Beyond Secure by Demand
Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step of using a mature software supply chain security solution to ensure they're not blindly trusting a provider's software.
Safe Mode: ReversingLabs’ Saša Zdjelar on the ‘black box’ of commercial software
This episode of Safe Mode explores the critical issue of software supply chain security with Saša Zdjelar, ReversingLabs’ chief trust officer.
SecurityInfoWatch: The procurement challenge breaks open the black box that is commercial software
Threats to software supply chains are eroding the existing enterprise software procurement model, so it’s time for a change.
-1400x732.webp&w=3840&q=75)
SC Media: Why SBOMs are not enough to manage modern software risks
Saša Zdjelar of ReversingLabs, explains why SBOM are a good first start, but aren’t enough to deliver secure software.
IT Brew: Suspected North Korean group appears to still be hoaxing devs into downloading malware
According to ReversingLabs, the hackers behind the effort are luring developers with fake job offers and instructing them to download PyPI packages with obfuscated malware from GitHub repositories as part of coding tests.
CISO Series: Cybersecurity News: Lazarus spoofs CapitalOne, Mastercard buys RecordedFuture, WordPress imposes 2FA
New research from Reversing Labs shows that the Lazarus Group is continuing its campaign of tempting targeting developers with malicious software packages on open-source repositories by posing as employees of the financial services firm Capital One.