Blog | ReversingLabs (30)

January 25, 2023

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

Top leaders and practitioners from eBay, Fidelity, T-Mobile and Tasktop share lessons from the Log4Shell vulnerability. Here are four key takeaways.

January 24, 2023

Move over, npm: Now VS Code extensions can’t be trusted

It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect. In this week’s Secure Software Blogwatch, we run and hide.

January 23, 2023

AI unleashed: Are you repared for next-gen software supply chain attacks?

ChatGTP and GitHub Copilot seem like a win for developers — under pressure to release new features continuously. But the code produced by generative AI needs serious scrutiny.

January 19, 2023

The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet

This week: A new software supply chain attack has been discovered on PyPI. Also: A ransomware attack on ship management software impacts 1000 vessels.

January 18, 2023

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?

Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!

January 18, 2023

Software supply chain security and compliance: Why you should get out in front of requirements

Get out in front of software supply chain compliance requirements for a competitive advantage. Here's what your software organization needs to know.

January 13, 2023

The CircleCI secrets hack: A red flag on software supply chain risk

Security teams should consider consider software supply chain risk through a new lens after the latest CircleCI incident.

January 12, 2023

ReversingLabs Threat Analysis and Hunting Solution January 2023 Update: Driving SecOps Forward

Learn how A1000 can reduce risks (and workload and tool costs) while ensuring privacy. Plus, how it reduces MTTD, and prioritizes malware for triage.

January 12, 2023

The Week in Security: When AI attacks, ChatGPT lowers the bar for developing malware

This week: Trojan Puzzle attack shows how AI can be trained for malicious purposes. Also: ChatGPT is enabling script kiddies to write functional malware.

January 12, 2023

App sec and the supply chain: Work in tandem with engineers to achieve true software security

Application security is foundational to the software supply chain security ecosystem. But it takes a village. Derek Fisher explains in this fireside chat.

January 11, 2023

If you don't love me now: JsonWebToken could break the software supply chain (again)

The JsonWebToken library has a serious flaw, which could lead to remote code execution. While exploitability is questionable, it could be a big problem.

January 11, 2023

After hack, CircleCI tells devs to update secrets now

In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

Move over, npm: Now VS Code extensions can’t be trusted

AI unleashed: Are you repared for next-gen software supply chain attacks?

The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?

Software supply chain security and compliance: Why you should get out in front of requirements

The CircleCI secrets hack: A red flag on software supply chain risk

ReversingLabs Threat Analysis and Hunting Solution January 2023 Update: Driving SecOps Forward

The Week in Security: When AI attacks, ChatGPT lowers the bar for developing malware

App sec and the supply chain: Work in tandem with engineers to achieve true software security

If you don't love me now: JsonWebToken could break the software supply chain (again)

After hack, CircleCI tells devs to update secrets now

Topics

Special Reports

The State of Software Supply Chain Security 2024

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports