Karlo Zanki

Karlo Zanki
Reverse Engineer at ReversingLabs

Recent Posts from Karlo Zanki

September 23, 2022

Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

ReversingLabs has discovered a malicious npm package disguised as the software tool Material Tailwind. Here's an in-depth look at our discovery — and threat analysis. (Updated with MachO executable information.)
August 29, 2022

New malicious packages in PyPI: What it means for securing open source repositories

After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.
July 12, 2022

IconBurst npm software supply chain attack grabs data from apps and websites

ReversingLabs researchers uncovered a campaign to install malicious NPM modules harvesting sensitive data from forms embedded in mobile apps and websites.
June 2, 2022

Go below the surface on tampering: The trouble with software integrity validation

The growing number of software supply chain attacks is putting pressure on validation of software integrity
June 1, 2022

Coinminer and npm: What you see is not always what you get

Source code analysis is always useful. It helps you detect threats early in the dev process. But it shouldn’t be the only tool in your security arsenal.
June 1, 2022

Beware: Overpowered plug-ins like PyPI can burn it all down

Here's why your software development team needs to think twice before using a powerful third-party plug-in.