Blog | ReversingLabs | AppSec & Supply Chain Security (20)

January 19, 2023

The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet

This week: A new software supply chain attack has been discovered on PyPI. Also: A ransomware attack on ship management software impacts 1000 vessels.

January 18, 2023

Software supply chain security and compliance: Why you should get out in front of requirements

Get out in front of software supply chain compliance requirements for a competitive advantage. Here's what your software organization needs to know.

January 13, 2023

The CircleCI secrets hack: A red flag on software supply chain risk

Security teams should consider consider software supply chain risk through a new lens after the latest CircleCI incident.

January 12, 2023

App sec and the supply chain: Work in tandem with engineers to achieve true software security

Application security is foundational to the software supply chain security ecosystem. But it takes a village. Derek Fisher explains in this fireside chat.

January 11, 2023

If you don't love me now: JsonWebToken could break the software supply chain (again)

The JsonWebToken library has a serious flaw, which could lead to remote code execution. While exploitability is questionable, it could be a big problem.

January 11, 2023

After hack, CircleCI tells devs to update secrets now

In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.

January 11, 2023

Danger: Researchers exploit gaps in connected vehicle software supply chain

Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns.

January 9, 2023

Shift the SOC left: Why you should integrate DevOps with SecOps

The collaboration between SOCs and software development teams is essential for ensuring your organization's software security. Here's why.

January 4, 2023

PyTorch supply chain attack: Dependency confusion burns DevOps

The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI. Here's the craic.

January 4, 2023

10 software supply chain attacks you can learn from

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks.

December 22, 2022

The Week in Security: Okta says source code stolen. Also: SentinelSneak: PyPi moduel poses as security SDK

Okta is hit with another supply chain attack. Also, ReversingLabs discovered a malicious PyPI package posing as a SentinelOne SDK client.

December 19, 2022

SentinelSneak: Malicious PyPI module poses as security software development kit

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

AppSec & Supply Chain Security (20)

The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet

Software supply chain security and compliance: Why you should get out in front of requirements

The CircleCI secrets hack: A red flag on software supply chain risk

App sec and the supply chain: Work in tandem with engineers to achieve true software security

If you don't love me now: JsonWebToken could break the software supply chain (again)

After hack, CircleCI tells devs to update secrets now

Danger: Researchers exploit gaps in connected vehicle software supply chain

Shift the SOC left: Why you should integrate DevOps with SecOps

PyTorch supply chain attack: Dependency confusion burns DevOps

10 software supply chain attacks you can learn from

The Week in Security: Okta says source code stolen. Also: SentinelSneak: PyPi moduel poses as security SDK

SentinelSneak: Malicious PyPI module poses as security software development kit

Topics

Special Reports

The State of Software Supply Chain Security 2024

Upcoming Webinars

ConversingLabs

AppSec & Supply Chain Security (20)

Topics

Follow us

Subscribe

Special Reports