As we enter 2025, cyber threats to the software supply chain continue to evolve, exploiting popular platforms and tools to infiltrate systems and disrupt workflows.
In this Q4 threat research roundup, join threat research experts from ReversingLabs as they dissect the most significant findings of the quarter, including:
- ✓ Malicious PyPI packages, such as aiocpa, that pose as legitimate applications for months before turning malicious.
- ✓ Campaigns targeting widely used open source libraries, such as the compromises of the @solana/web3.js and @lottiefiles/lottie-player npm packages and the ultralytics PyPI package, comprising millions of downloads and thousands of dependent projects.
- ✓ Malicious VSCode extensions impersonating popular apps like Zoom to compromise developer environments.
- ✓ Malicious supply chain campaigns targeting cryptocurrency applications and infrastructure, and what they tell us about the evolution of supply chain risks.
- ✓ A VSCode and npm-based campaign set to disrupt workflows in 2024.
Our quarterly research roundup features actionable insights from ReversingLabs' researchers and real-world examples of threats and attacks.
This webinar is a must-attend for developers, security professionals, and software producers looking to safeguard their supply chains.