December 19, 2022

SentinelSneak: Malicious PyPI module poses as security SDK

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.
December 14, 2022

Ahoy! More insecure code washes ashore with AlphaCode

Here comes AlphaCode: Another AI code-generating parlor trick spitting out vulnerabilities. Is your software security team ready for the onslaught?
December 7, 2022

ChatGPT: Parlor trick or Stack Overflow replacement?

The initial flush of enthusiasm for ChatGPT has waned. And quite a few of the bugs in the buggy code it spits out are exploitable security vulnerabilities.
December 7, 2022

The state of software supply chain security report: Top takeaways for software development teams

With supply chain attacks surging, now is the time to reflect — and look forward. ReversingLabs’ new report explores trends, best practices and more.
December 1, 2022

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Here's ReversingLabs' discoveries and indicators of compromise (IOCs) for W4SP, as well as links to our YARA rule that can be used to detect the malicious Python packages in your environment. 
December 1, 2022

Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security

One year ago, a vulnerability in Apache’s Log4j turned the security world on its ear. What has changed since then? Here are the key takeaways from Log4Shell's legacy.