Claude Code Security: The pros and cons
The new tool is a step forward on AI coding risk — but it trips on modern threats because it looks only at source code.
Featured
Claude Code Security: The pros and cons
AI-native AppSec: What it is — and why it matters
AI coding is a game-changer — and requires AI-powered application security to fight fire with fire.
BSIMM16 confirms: AI redefines AppSec
AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.
Latest
Claude Code Security: The pros and cons
The new tool is a step forward on AI coding risk — but it trips on modern threats because it looks only at source code.
AI-native AppSec: What it is — and why it matters
AI coding is a game-changer — and requires AI-powered application security to fight fire with fire.
BSIMM16 confirms: AI redefines AppSec
AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.
Inside the NuGet hackers' toolset
RL discovered two packages containing scripts that complete a typosquatting toolchain. Here's how it worked.
Malicious NuGet package targets Stripe
Threat actors targeted developers with a bogus package — a shift away from the recent crypto development hack focus.
How AI agents upend supply chain security
Here’s what you need to know about their impact on software security — and what you can do to fight back.
Cybercrime-as-a-service forces a security rethink
With AI-powered tools readily available, sophisticated attacks no longer require sophisticated attackers.
How to Use YARA Retrohunting for Defense
Learn how to use RL’s analysis of "pkr_mtsi" to advance your detection engineering in Spectra Analyze.
Commercial software risk: New controls required
Legacy strategies and tooling can’t manage today’s software threats. Here’s why binary analysis is necessary.
Inside the fake crypto developer recruitment hack
Here’s a more-in-depth technical analysis of the packages involved in the "graphalgo" campaign.
Fake recruiter campaign targets crypto devs
A new branch of a fake job recruitment campaign, dubbed "graphalgo," is targeting developers with a RAT.
Gartner® CISO Playbook for Commercial SSCS: 3 key insights
Here are the takeaways CISOs and other security leaders should consider for their TPCRM strategies.
Notepad++ hack: Supply chain threats evolve
A compromise of the source code editor underscores attack method diversification. It's time to go beyond trust.
Lab offers 9 ways to improve MCP security
The Vulnerable MCP Servers Lab delivers integration training, demos, and instruction on attack methods.
RL SSCS Report: A 2025 retrospective
ReversingLabs looked at last year’s Software Supply Chain Security Report in the rear-view mirror. Here’s what RL got right — and wrong.