ReversingLabs

@reversinglabs.com

ReversingLabs is the trusted name in file and software security. RL - Trust Delivered.

Joined 20.02.2025

Latest posts by ReversingLabs @reversinglabs.com

BSIMM16 confirms it: AI redefines the AppSec landscape | ReversingLabs AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.

BSIMM16 reinforces that #AIcoding is the new reality — and it will further destabilize #softwaresupplychainsecurity.
So step up your #AppSec. 👇
www.reversinglabs.com/blog/bsimm16...

05.03.2026 11:45 👍 0 🔁 0 💬 0 📌 0
Malicious NuGet package targets Stripe | ReversingLabs In this latest incident, threat actors target developers with a bogus package — a shift away from cryptocurrency development targets.

🚨 RL researchers discovered a malicious package impersonating a legitimate Stripe package on #NuGet — marking a move away from blockchain-related targets while staying focused on financial development tools. Read here: www.reversinglabs.com/blog/malicio...

26.02.2026 09:22 👍 1 🔁 0 💬 0 📌 0
How to Use YARA Retrohunting for Detection Engineering | ReversingLabs Learn how to leverage ReversingLabs’s dynamic analysis of pkr_mtsi for defense using YARA Rules in Spectra Analyze.

ReversingLabs' Ashlee Benge shares how to use YARA retrohunting for detection engineering by leveraging RL's dynamic analysis of "pkr_mtsi" for defense in Spectra Analyze.
👉 hubs.ly/Q043qJY-0

#yararules #detectionengineering #malwareanalysis

19.02.2026 13:17 👍 0 🔁 0 💬 0 📌 0
Fake recruiter campaign targets crypto developers with RAT | ReversingLabs A new branch of a well-coordinated fake job recruitment campaign is targeting JavaScript and Python developers via social channels.

⚠️ RL #ThreatResearch: A new branch of a fake job recruitment campaign by the NK Lazarus Group, dubbed "graphalgo," is targeting #Javascript & #Python devs with a remote access trojan (RAT). Read more: hubs.ly/Q042HLPR0

11.02.2026 17:02 👍 0 🔁 0 💬 0 📌 0
Notepad++ hack marks an evolution of supply chain threats | ReversingLabs A months-long compromise of the popular source code editor underscores a diversification of attack methods. Here's why going beyond trust is key.

⛓️ The recent compromise of Notepad++ underscores supply chain attack method diversification. It also serves as a reminder for why going beyond implicit trust is a must: hubs.ly/Q041-Cb30
#SoftwareSupplyChainSecurity #AppSec #DevSecOps

05.02.2026 17:21 👍 0 🔁 0 💬 0 📌 0
Vulnerable MCP Servers Lab: 9 ways to boost ML security | ReversingLabs The new GitHub-based lab aims to tame MCP servers with security server and tool-integration training, demos, and instruction on attack methods.

🤖 #MCP provides a standardized way for #AI agents to connect directly to apps, tools, & data sources. But because they have real authority, they're attractive targets. The new Vulnerable MCP Servers Lab aims to solve this: https://bit.ly/3MaNXAY

04.02.2026 18:12 👍 0 🔁 0 💬 0 📌 0
Open-source attacks move through normal development workflows - Help Net Security Open source supply chain attacks move through normal development workflows, turning routine updates and trusted code into delivery paths.

Open-source attacks move through normal development workflows

📖 Read more: www.helpnetsecurity.com/2026/02/03/o...

#cybersecurity #cybersecuritynews #opensource #supplychain #vulnerabilitymanagement @reversinglabs.com

03.02.2026 11:10 👍 2 🔁 1 💬 0 📌 0
Software Supply Chain Security Report: A 2025 retrospective | ReversingLabs ReversingLabs looked at last year's report in the rear-view mirror. Here's a retrospective with what the team got right -- and wrong.

🪞We looked back on what we predicted the #SoftwareSupplyChainSecurity threat landscape would be in 2025. Here's what we got right — & wrong: https://bit.ly/49UKS19

03.02.2026 17:54 👍 0 🔁 0 💬 0 📌 0
The Collapse of Trust in the Software Supply Chain The software supply chain is the end-to-end pathway through which software components are sourced, assembled, and deployed into production.

⛓️‍💥 Former CEO & founder of Black Duck Software Doug Levin writes in his Substack how trust in the reliability of the #SoftwareSupplyChain has sharply deteriorated: https://bit.ly/4qLx66N

29.01.2026 22:08 👍 2 🔁 0 💬 0 📌 1

🔎 In the latest edition of the RL Researcher's Notebook Series, #malware analyst Robert Simmons offers a deep dive of the recent #EmEditor supply chain compromise: https://bit.ly/4rgniBK

29.01.2026 20:50 👍 1 🔁 1 💬 0 📌 0
Technology’s “Upside Down”? Software Supply Chain The concept of an “Upside Down” is a good way to think about software risks, as the latest Software Supply Chain Security Report makes clear.

The #StrangerThings concept of the “Upside Down” is a pretty useful way to think about the risks lurking in the software we all rely on. A new report from @reversinglabs.com shines a light into that dark world. #appsec #softwaresupplychain securityledger.com/2026/01/tech...

29.01.2026 13:05 👍 2 🔁 2 💬 0 📌 0
Open-source malware zeroes in on developer environments - Help Net Security Open source malware activity increased in 2025, with attackers using public registries and installs to reach developers and CI systems.

Open-source malware zeroes in on developer environments

📖 Read more: www.helpnetsecurity.com/2026/01/29/r...

#cybersecurity #cybersecuritynews #opensource #malware @reversinglabs.com

29.01.2026 14:11 👍 2 🔁 1 💬 0 📌 0
How AI coding is breathing new life into Rust | ReversingLabs AI coding tools are making the memory-safe language Rust a favorite of developers -- even those maintaining massive codebases like Microsoft's.

🤖 #AI tools are making #Rust a favorite language of devs — even those maintaining codebases like Microsoft’s. Keep reading to learn how #AIcoding bolsters Rust: https://bit.ly/49O7wIs

28.01.2026 19:15 👍 0 🔁 0 💬 0 📌 0

📣 RL's 4th annual report on the state of #SoftwareSupplyChainSecurity is now available: https://bit.ly/3Fq6F3W

#AppSec #DevSecOps

27.01.2026 16:05 👍 2 🔁 0 💬 1 📌 0
Anthropic's $1.5M Python investment: Why it matters | ReversingLabs Here's what the $1.5M investment in the Python Software Foundation will mean for AI security and open-source management.

🐍 @python.org announced a 2-year partnership with #Anthropic, which will contribute $1.5 million to support the foundation's security initiatives for #PyPI: https://bit.ly/4a6uvhU

22.01.2026 22:14 👍 0 🔁 0 💬 0 📌 0
Celebrating 9 Years of the Cyber Threat Alliance: Advancing Collective Defense Together - Cyber Threat Alliance By Mario Vuksan, CEO & Co-founder, ReversingLabs This year marks the 9th anniversary of the Cyber Threat Alliance (CTA) — a milestone that highlights nearly a decade of collaboration, trust, and share...

CTA has "helped raise the bar for collaboration across the cybersecurity community, demonstrating that sharing does not weaken competitive advantage — it strengthens collective resilience"
@reversinglabs.com
tinyurl.com/6xtnck5y
#CTA9Years #strongertogether #cybersecurity #threatintelligence

22.01.2026 13:29 👍 2 🔁 2 💬 0 📌 0
SSDF 1.2 recognizes AppSec is a journey | ReversingLabs NIST has broadened the Secure Software Development Framework to include the full software development lifecycle. Here's why it matters.

NIST has broadened the Secure Software Development Framework (SSDF) to include the full SDLC. Here's what your #AppSec team needs to know: https://bit.ly/3ZksCbk

#DevSecOps #SoftwareSupplyChainSecurity

21.01.2026 18:45 👍 0 🔁 0 💬 0 📌 0
Mandatory SBOMs: What CRA is -- and why it matters | ReversingLabs The EU's Cyber Resilience Act introduces a legal obligation for software producers to create, maintain, and retain an SBOM. Are you prepared?

📝 The Cyber Resilience Act legally obliges software producers to create, maintain, & retain an #SBOM for all products with digital elements marketed within the EU. Here's what you need to know: https://bit.ly/4b4XSSV

20.01.2026 18:13 👍 0 🔁 0 💬 0 📌 0
Why governance is essential for safe AI adoption | ReversingLabs A new CSA report stresses getting out in front of AI risk — and offers insights into AI in SecOps. Here’s why you need guardrails.

🤖 A new report on #AIsecurity from the Cloud Security Alliance finds that enterprise governance of #AI usage & potential threats makes a huge difference: https://bit.ly/459MYrk

15.01.2026 21:07 👍 0 🔁 0 💬 0 📌 0

🚨New Feature Alert: secure.software now offers free, single click #SBOM delivery in the CycloneDX format. See it in action: app.arcade.software/share/oBBgnr...

#Dev #AppSec #DevSecOps

15.01.2026 15:25 👍 0 🔁 0 💬 0 📌 0

📆 Next Thursday: RL researchers break down real-world campaigns uncovered in the closing months of 2025 across NuGet, PyPI, PowerShell & VS Code: https://bit.ly/4sCIh3f

#SoftwareSupplyChainSecurity #Dev #Cybersecurity

14.01.2026 17:46 👍 1 🔁 0 💬 0 📌 0
Adversarial AI is on the rise: What you need to know | ReversingLabs Researchers explain how as threat actors move to AI-enabled malware in active operations, existing defenses will fail.

⚠️ According to a recent report from the Google Threat Intelligence Group, adversaries are now deploying novel #AI-enabled #malware in active operations: https://bit.ly/45v4FBR #Cybersecurity

13.01.2026 16:44 👍 0 🔁 0 💬 0 📌 0
How supply chain risk can affect your cyber insurance | ReversingLabs Here's why gaining visibility into supply chain threats -- and adding controls for software risk -- are essential to insurability.

⛓️‍💥 Eligibility for #CyberInsurance could hinge on the strength of #SoftwareSupplyChainSecurity & third-party risk management controls: https://bit.ly/3NmbJu5

#Cybersecurity #DevSecOps

08.01.2026 20:53 👍 0 🔁 0 💬 0 📌 0

🧵Introducing: 🚨New Feature Alert → a series dedicated to RL product updates! This week, we’re excited to unveil a dedicated #Malware page in the RL-SAFE Report: app.arcade.software/share/H7euVM...

#SoftwareSupplyChainSecurity #DevSecOps

08.01.2026 14:45 👍 0 🔁 0 💬 0 📌 0
AI technical debt: What it is -- and why it matters | ReversingLabs AI platforms exacerbate existing security risks in the enterprise. Here's what you need to know to stay out of technical debt.

😵‍💫 #AI technical debt is all the more perilous for being poorly understood. Learn how it forms & can fuel a breach your org can't afford: https://bit.ly/4qHPL3d

#AISecurity #Cybersecurity

07.01.2026 18:14 👍 0 🔁 0 💬 0 📌 0

🔎 In the next installment of the RL Researcher's Notebook series, #malware analyst Rob Simmons unpacks the malicious Windows packer ‘pkr_mtsi’. Read on to learn about its evolution, & access a #YARA rule for it: https://bit.ly/3YrHvrW

#Cybersecurity

06.01.2026 17:49 👍 0 🔁 0 💬 0 📌 0
SF² framework aims to help you scale SecOps wisely | ReversingLabs The Software Factory Security Framework looks at scaling security operations as a resource-allocation problem -- not just head count.

⛓️ The open-source SF² presents security scaling as a strategic resource-allocation challenge rather than a staffing problem. Here's how it helps: https://bit.ly/3YijlQz

#SoftwareSupplyChainSecurity #DevSecOps #CISO

30.12.2025 17:51 👍 1 🔁 0 💬 0 📌 0
AI is upending file security. Here’s how to fight back | ReversingLabs As attacks become AI-optimized and internal AI use rises, enterprises are scrambling to secure files. Here’s how to modernize your security strategy.

🤖 As cyber attacks become #AI-optimized & internal AI use rises, enterprises are scrambling to secure files. Here's why your org needs to modernize its #FileSecurity: www.reversinglabs.com/blog/ai-file... #Cybersecurity

24.12.2025 18:58 👍 0 🔁 0 💬 0 📌 0
OWASP tackles AI risk in bold new push | ReversingLabs The Open Worldwide Application Security Project now includes an Agentic Top 10, an AI testing guide, and an AI vulnerability scoring tool.

🤖 @owasp.org has released a top 10 list of security risks for #AgenticAI, an AI testing guide, & an #AI vulnerability assessment tool. Here's what you need to know regarding the new #AISecurity efforts: https://bit.ly/4qfBxGo

18.12.2025 17:06 👍 0 🔁 0 💬 0 📌 0
Microsoft Worm Attack Warning -- Act Rapidly And Change Passwords Now Rapidly change your password, the Microsoft security team urges as Shai-Hulud Dune Worm cloud attacks continue.

🪱 @forbes.com spoke with RL co-founder & CSA Tomislav Peričin about the 2nd wave of the malicious Shai-hulud worm that hit #npm: https://bit.ly/4pHZoyC

17.12.2025 18:09 👍 0 🔁 0 💬 0 📌 0