Blog | ReversingLabs | AppSec & Supply Chain Security (13)

July 6, 2023

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.

June 26, 2023

5 reasons why cyber attackers love software developers

Hackers are having a field day targeting developers with supply chain attacks, which open doors to other compromises. Here's why — and what to do about it.

June 22, 2023

The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)

This week: BlackCat hackers threaten to leak Reddit’s data. Also: Hijacked S3 buckets are being used in attacks on npm packages.

June 21, 2023

MITRE’s System of Trust: A discussion about standardizing software supply chain risk

Robert Martin of MITRE and Cassie Crossley of Schneider Electric discuss how MITRE’s System of Trust helps operationalize software supply chain security.

June 21, 2023

Passkeys standard: Time to add it to your dev plans?

Forward-thinking DevOps shops are doing it already. Isn’t it time your team got on board?

June 20, 2023

OWASP Top 10 for LLMs: Can AI risk be tamed?

OWASP is expanding its Top 10 series with a list of Large Language Model (LLM) vulnerabilities. Here's what application security teams need to know.

June 15, 2023

CISA SBOM-a-rama tackles challenges: 5 key takeaways

The challenges — and also the promise — of software bills of materials were on display Wednesday as CISA hosted SBOM-a-rama. Here are five key takeaways.

June 14, 2023

How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan

In this ConversingLabs Cafe interview, Naveen Srinivasan, a maintainer of the OpenSSF Security Scorecard, talks about evaluating software dependency risk.

June 13, 2023

MOVEit software exploit walks before it runs

Cl0p quietly tested the flaw for two years before launching the full exploit. Lesson: Look both ways before crossing.

June 12, 2023

Self-attestation on software security: What development teams need to know

Software vendors who do business with the federal government now have to prove they are practicing basic supply chain security. Here are the requirements.

June 8, 2023

The Gigabyte firmware backdoor: Lessons learned about supply chain security

Firmware attacks can pose a substantial risk to the software supply chain. Here's what your software security team can learn from the latest compromise.

June 8, 2023

The Week in Security: AI hallucinations linked to software supply chain risk, CI fix deemed critical

Researchers link ChatGPT hallucinations and software supply chain threat. Also, a watch group says better critical infrastructure security is needed.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

AppSec & Supply Chain Security (13)

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

5 reasons why cyber attackers love software developers

The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)

MITRE’s System of Trust: A discussion about standardizing software supply chain risk

Passkeys standard: Time to add it to your dev plans?

OWASP Top 10 for LLMs: Can AI risk be tamed?

CISA SBOM-a-rama tackles challenges: 5 key takeaways

How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan

MOVEit software exploit walks before it runs

Self-attestation on software security: What development teams need to know

The Gigabyte firmware backdoor: Lessons learned about supply chain security

The Week in Security: AI hallucinations linked to software supply chain risk, CI fix deemed critical

Topics

Special Reports

The State of Software Supply Chain Security 2024

Upcoming Webinars

ConversingLabs

AppSec & Supply Chain Security (13)

Topics

Follow us

Subscribe

Special Reports