At ReversingLabs, we’ve identified seven critical risks that plague commercial software, or what we call Commercial Software’s Seven Deadly Sins.

As package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers.

ReversingLabs' analysis of ethers-provider2 has revealed that it's nothing but a trojanized version of the widely-used ssh2 npm package

Microsoft Security’s artificial intelligence (AI) security team recently shared its findings from a multi-year study that involved red teaming 100 generative AI (GenAI) products.

Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models.

Companies pursing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities.