Blog | ReversingLabs | Threat Research

February 6, 2025

Malicious ML models discovered on Hugging Face platform

Developers working on machine learning take note: RL threat researchers have identified nullifAI, a novel attack technique used on Hugging Face.

December 20, 2024

OSS in the crosshairs: Cryptomining hacks highlight key new threat

Hacks of rspack, vant highlight the growing trend of cryptomining compromises spreading via top open-source packages.

December 20, 2024

A new playground: Malicious campaigns proliferate from VSCode to npm

To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.

December 9, 2024

Compromised ultralytics PyPI package delivers crypto coinminer

A compromised build environment led to a malicious deployment of a popular AI library that had the potential of delivering other malware.

December 5, 2024

Malware found in Solana npm library raises the bar for crypto security

Two recent versions of the Solana web3.js open source library were infected with code to steal private keys, putting crypto platforms and wallets at risk.

November 28, 2024

Malicious PyPI crypto pay package aiocpa implants infostealer code

The incident demonstrates how machine learning-based threat hunting can help development teams spot threats other tools miss.

November 21, 2024

Differential analysis raises red flags over @lottiefiles/lottie-player

Three versions of the popular package were infected and used to spread malicious code that was stealing crypto wallet assets.

October 1, 2024

When hackers get hacked: Sam Curry on his career — and his latest research

In this latest ConversingLabs podcast, the independent security researcher shares insights into his intriguing journey — and his latest research.

September 10, 2024

Fake recruiter coding tests target devs with malicious Python packages

RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.

July 11, 2024

Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs

Malware authors upped their game, using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code, RL researchers found.

June 26, 2024

Malicious npm package targets AWS users

The package's history is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.

June 5, 2024

Python downloader highlights noise problem in open source threat detection

RL discovered what appeared to be a malicious downloader on PyPI. It turned out to be red teaming — but highlights a growing problem for threat detection.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Threat Research

Malicious ML models discovered on Hugging Face platform

OSS in the crosshairs: Cryptomining hacks highlight key new threat

A new playground: Malicious campaigns proliferate from VSCode to npm

Compromised ultralytics PyPI package delivers crypto coinminer

Malware found in Solana npm library raises the bar for crypto security

Malicious PyPI crypto pay package aiocpa implants infostealer code

Differential analysis raises red flags over @lottiefiles/lottie-player

When hackers get hacked: Sam Curry on his career — and his latest research

Fake recruiter coding tests target devs with malicious Python packages

Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs

Malicious npm package targets AWS users

Python downloader highlights noise problem in open source threat detection

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Threat Research

Topics

Follow us

Subscribe

Special Reports