Blog | ReversingLabs | Carolynn van Arsdale (6)

March 30, 2023

The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

This week: GitHub is issued a subpoena by Twitter over leaked source code. Also: 3CX software supply chain attack leaves millions at risk.

March 24, 2023

From the Labs: YARA Rule for Detecting NB65

ReversingLabs YARA detection rule for NB65 can help you find this ransomware in your environment.

March 23, 2023

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

This week: NuGet is hit with a malicious typosquatting campaign. Also: A malicious ChatGPT Chrome extension is hijacking Facebook accounts.

March 16, 2023

The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware

A Russian-speaking threat actor has breached several European organizations. Also: AI-created videos on YouTube are spreading infostealer malware.

March 9, 2023

The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up

North Korean-linked hacking group Lazarus attacked the same South Korean financial entity twice in 2022. Also: The number of hard-coded secrets is way up.

March 2, 2023

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

New details expose that the recent hack on LastPass was worse than previously thought. Also: CISA has called for for software makers who develop insecure software to be held liable.

February 27, 2023

Lessons learned from the CircleCI secrets breach

The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned.

February 23, 2023

The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm

A misconfiguration likely caused a U.S. government server to leak sensitive military emails, and a massive phishing spam campaign has taken over npm.

February 16, 2023

The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess

This week: Russian-linked PIPEDREAM malware targeted critical infrastructure. Also: 400 malicious packages found on PyPI demonstrates attacker prowess.

February 14, 2023

Software composition analysis and the evolution of application security

Here are key takeaways from The Software Composition Analysis Landscape, Q1 2023 report — and how app sec is evolving to adapt to supply chain threats

February 9, 2023

The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

CISA is working to operationalize cyber supply chain risk management. Also: a GuLoader malware campaign is targeting the global e-commerce industry.

February 2, 2023

The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine

Russia-affiliated Sandworm is using malware strains to attack entities in Ukraine. Also: A massive Yandex code leak reveals the ranking factors of Russia’s search engines.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

From the Labs: YARA Rule for Detecting NB65

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware

The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

Lessons learned from the CircleCI secrets breach

The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm

The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess

Software composition analysis and the evolution of application security

The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports