April 18, 2024

OWASP looks to future-proof SBOMs with CycloneDX 1.6

OWASP is upgrading the SBOM standard for the quantum era, adding ML-readable attestation and more. Here's how it boosts software supply chain security.
April 11, 2024

XZ Trojan highlights supply chain risk from 'sock puppets'

There is no fool-proof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three key indicators.
March 26, 2024

Suspicious NuGet package grabs data from industrial systems

Espionage has long been a driver for malicious cyber campaigns. Here's what the RL research team knows about the suspicious SqzrFramework480 campaign.
March 21, 2024

Memory-safety and security by design: Key insights, lessons

Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.
March 5, 2024

NIST updates guidance: 3 ways to pump up your CI/CD security

The National Institute of Standards and Technology has beefed up its guidelines for securing CI/CD environments. Are you ready to bulk up your program?
February 20, 2024

Attackers leverage PyPI to sideload malicious DLLs

RL discovered two malicious PyPI packages and a larger subsequent campaign of packages — highlighting that DLL sideloading is an emerging method for software supply chain attacks.