Blog | ReversingLabs | Paul Roberts

Paul Roberts

Content Lead at ReversingLabs. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cybersecurity space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cyber security has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show.

Find Paul Roberts on: Twitter LinkedIn

Recent Posts from Paul Roberts

OSS in the crosshairs: Cryptomining hacks highlight key new threat

December 20, 2024

OSS in the crosshairs: Cryptomining hacks highlight key new threat

Hacks of rspack, vant highlight the growing trend of cryptomining compromises spreading via top-tier open-source packages.

Malware found in Solana npm library raises the bar for crypto security

December 5, 2024

Malware found in Solana npm library raises the bar for crypto security

Two recent versions of the Solana web3.js open source library were infected with code to steal private keys, putting crypto platforms and wallets at risk.

Downgrade attacks open patched systems to malware

November 6, 2024

Downgrade attacks open patched systems to malware

Researcher Alon Leviev warns that the Microsoft Windows compromise posed risks that were structural — stretching well beyond the specific flaws.

SEC action raises the bar on software transparency

November 5, 2024

SEC action raises the bar on software transparency

The firms have been fined for playing down the impact of the attack on SolarWinds. It’s part of a government push for greater transparency.

When hackers get hacked: Sam Curry on his career — and his latest research

October 1, 2024

When hackers get hacked: Sam Curry on his career — and his latest research

In this latest ConversingLabs podcast, the independent security researcher shares insights into his intriguing journey — and his latest research.

Hacker Summer Camp: Reboot needed to tackle software supply chain threats

August 13, 2024

Hacker Summer Camp: Reboot needed to tackle software supply chain threats

Leaders from the private sector and government called for a rethink of outdated security tools and practices in an age of API-driven services and AI.

The big cybersecurity themes at Black Hat 2024 — and why they matter

July 31, 2024

The big cybersecurity themes at Black Hat 2024 — and why they matter

The state of supply chain security is broken, and that leaves Black Hat attendees with a sense of urgency — and lots to discuss. Here are two main themes.

NSA: Nation state actors aren't after your data — they want your OT

May 9, 2024

NSA: Nation state actors aren't after your data — they want your OT

APT actors are thinking beyond data theft and targeting CI. That means you need to look deeper and longer for signs of compromise, the NSA said at RSAC.

Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic

May 2, 2024

Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic

The new Data Breach Investigations Report sounds the alarm over software supply chain security — and calls for higher standards for development organizations.

XZ Trojan highlights software supply chain risk posed by 'sock puppets'

April 11, 2024

XZ Trojan highlights software supply chain risk posed by 'sock puppets'

There is no fool-proof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three key indicators.

A software supply chain meltdown: What we know about the XZ Trojan

April 1, 2024

A software supply chain meltdown: What we know about the XZ Trojan

Software tampering and social engineering were used in a months-long campaign to plant malicious code in major Linux distributions. Here's what we know.

How CISA’s secure software development attestation form falls short

March 18, 2024

How CISA’s secure software development attestation form falls short

Here’s what we know about the government's new software attestation form — and what needs to change to better manage modern software supply chain risk.