Develop Secure Software logo
XZ Trojan highlights supply chain risk from 'sock puppets'
April 11, 2024

XZ Trojan highlights supply chain risk from 'sock puppets'

There is no fool-proof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three key indicators. 
Read More
Suspicious NuGet package grabs data from industrial systems
March 26, 2024

Suspicious NuGet package grabs data from industrial systems

Espionage has long been a driver for malicious cyber campaigns. Here's what the RL research team knows about the suspicious SqzrFramework480 campaign.
Read More
BIPClip: Malicious PyPI packages target crypto wallets
March 12, 2024

BIPClip: Malicious PyPI packages target crypto wallets

RL has discovered a campaign using malicious PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases used for crypto wallet recovery.
Read More
Attackers leverage PyPI to sideload malicious DLLs
February 20, 2024

Attackers leverage PyPI to sideload malicious DLLs

RL discovered two malicious PyPI packages and a larger subsequent campaign of packages — highlighting that DLL sideloading is an emerging method for software supply chain attacks.
Read More
GitGot: GitHub leveraged to store stolen data
January 23, 2024

GitGot: GitHub leveraged to store stolen data

ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.
Read More
VS Code hack shows how supply chain attacks can spread
March 27, 2023

VS Code hack shows how supply chain attacks can spread

The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.
Read More

SUBSCRIBE

Subscribe to the develop.secure.software newsletter to stay up to speed, learn best practices and more.