Blog | ReversingLabs | Richi Jennings (2)

May 23, 2023

PyPI paused as automated attack overwhelms admins

Python Package Index was flooded with malicious typo-squatting packages. Weekend warriors quit defense and hit the pause button.

May 17, 2023

Lessons from MSI's UEFI key breach: How safe are the secrets in your software?

Stolen keys allow bootkits to avoid Intel’s “Guard” features. And there’s no way to revoke them.

May 9, 2023

Red teamers take on AI at DEF CON 31

It takes a village... In Las Vegas, researchers play capture the flag to find vulnerabilities in tools like ChatGPT — with a White House assist.

May 3, 2023

SolarWinds hack: Did DOJ know 6 months earlier?

The Department of Justice is reported to have stayed on the down-low on SolarWinds. Poster child for software supply chain security? The plot thickens...

April 26, 2023

#RSAC is big again — and AI + security is huge: #StrongerTogether?

RSA Conference is back big in 2023, with large language models buzzing: Al to fight AI, and generative AI and supply chain security.

April 18, 2023

EU cyber laws ‘will’ make FOSS devs liable

The goal might be laudable, but aspects of the EU law need a major rethink. In this week’s Secure Software Blogwatch, we fear unintended consequences.

April 11, 2023

Has public USB ‘juice jacking’ made it into the wild?

Déjà vu, but carry protection, dev teams traveling with credentials: Theorized as early as 2011, could public-USB attacks have finally gone rogue?

April 5, 2023

With Twitter code in the wild, DevSecOps doubts surface

In this week’s Secure Software Blogwatch, we ponder the unintended consequences of “transparency.”

March 29, 2023

Do you trust AI to find app sec holes while you sleep?

Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.

March 15, 2023

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).

March 7, 2023

White House cyber strategy: A love/hate story

The new National Cybersecurity Strategy will punish big software developers for failing to follow best practices. And, for the first time, make them liable.

March 1, 2023

LastPass revelations: BIG lessons for DevSecOps teams

LastPass has revealed a little more about the vault breach that occurred during August last year. And there are big, big lessons to be learned for DevSecOps teams.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

PyPI paused as automated attack overwhelms admins

Lessons from MSI's UEFI key breach: How safe are the secrets in your software?

Red teamers take on AI at DEF CON 31

SolarWinds hack: Did DOJ know 6 months earlier?

#RSAC is big again — and AI + security is huge: #StrongerTogether?

EU cyber laws ‘will’ make FOSS devs liable

Has public USB ‘juice jacking’ made it into the wild?

With Twitter code in the wild, DevSecOps doubts surface

Do you trust AI to find app sec holes while you sleep?

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

White House cyber strategy: A love/hate story

LastPass revelations: BIG lessons for DevSecOps teams

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports