February 20, 2024
RL discovered two malicious PyPI packages and a larger subsequent campaign of packages — highlighting that DLL sideloading is an emerging method for software supply chain attacks.
January 23, 2024
ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.
January 3, 2024
Here are best practices — and recommendations for tooling — to modernize your software supply chain security approach.
November 14, 2023
Don't neutralize CI/CD business gains by failing to account for risk. Here are eight best practices to ensure your software development pipeline is secure.
October 19, 2023
Using Rust in bare-metal applications will make Android a safer platform — and have a broader impact on the Rust community. Here are three key takeaways.
March 27, 2023
The new Visual Studio Code IDE hack highlights the risk of the threat spreading beyond the Extensions Marketplace. Here's how it can proliferate to npm.