February 20, 2024

Attackers leverage PyPI to sideload malicious DLLs

RL discovered two malicious PyPI packages and a larger subsequent campaign of packages — highlighting that DLL sideloading is an emerging method for software supply chain attacks.
January 23, 2024

GitGot: GitHub leveraged to store stolen data

ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.
January 3, 2024

The state of container security: 5 key steps to lock down releases

Here are best practices — and recommendations for tooling — to modernize your software supply chain security approach.
November 14, 2023

8 CI/CD security best practices: Protect your software pipeline

Don't neutralize CI/CD business gains by failing to account for risk. Here are eight best practices to ensure your software development pipeline is secure.
October 19, 2023

Rust on Android goes bare metal: 3 key security benefits

Using Rust in bare-metal applications will make Android a safer platform — and have a broader impact on the Rust community. Here are three key takeaways.
March 27, 2023

VS Code hack shows how supply chain attacks can spread

The new Visual Studio Code IDE hack highlights the risk of an attack spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.