BSIMM16 reinforces that #AIcoding is the new reality — and it will further destabilize #softwaresupplychainsecurity. So step up your #AppSec. 👇 www.reversinglabs.com/blog/bsimm16...

🚨 RL researchers discovered a malicious package impersonating a legitimate Stripe package on #NuGet — marking a move away from blockchain-related targets while staying focused on financial development tools. Read here: www.reversinglabs.com/blog/malicio...

ReversingLabs' Ashlee Benge shares how to use YARA retrohunting for detection engineering by leverageing RL's dynamic analysis of "pkr_mtsi" for defense in Spectra Analyze. 👉 hubs.ly/Q043qJY-0 #yararules #detectionengineering #malwareanalysis

⚠️ RL #ThreatResearch: A new branch of a fake job recruitment campaign by the NK Lazarus Group, dubbed "graphalgo," is targeting #Javascript & #Python devs with a remote access trojan (RAT). Read more: hubs.ly/Q042HLPR0

⛓️ The recent compromise of Notepad++ underscores supply chain attack method diversification. It also serves as a reminder for why going beyond implicit trust is a must: hubs.ly/Q041-Cb30 #SoftwareSupplyChainSecurity #AppSec #DevSecOps

🤖 #MCP provides a standardized way for #AI agents to connect directly to apps, tools, & data sources. But because they have real authority, they're attractive targets. The new Vulnerable MCP Servers Lab aims to solve this: https://bit.ly/3MaNXAY

Open-source attacks move through normal development workflows 📖 Read more: www.helpnetsecurity.com/2026/02/03/o... #cybersecurity #cybersecuritynews #opensource #supplychain #vulnerabilitymanagement @reversinglabs.com

🪞We looked back on what we predicted the #SoftwareSupplyChainSecurity threat landscape would be in 2025. Here's what we got right — & wrong: https://bit.ly/49UKS19

⛓️‍💥 Former CEO & founder of Black Duck Software Doug Levin writes in his Substack how trust in the reliability of the #SoftwareSupplyChain has sharply deteriorated: https://bit.ly/4qLx66N

🔎 In the latest edition of the RL Researcher's Notebook Series, #malware analyst Robert Simmons offers a deep dive of the recent #EmEditor supply chain compromise: https://bit.ly/4rgniBK

The #StrangerThings concept of the “Upside Down” is a pretty useful way to think about the risks lurking in the software we all rely on. A new report from @reversinglabs.com shines a light into that dark world. #appsec #softwaresupplychain securityledger.com/2026/01/tech...

Open-source malware zeroes in on developer environments 📖 Read more: www.helpnetsecurity.com/2026/01/29/r... #cybersecurity #cybersecuritynews #opensource #malware @reversinglabs.com

🤖 #AI tools are making #Rust a favorite language of devs — even those maintaining codebases like Microsoft’s. Keep reading to learn how #AIcoding bolsters Rust: https://bit.ly/49O7wIs

📣 RL's 4th annual report on the state of #SoftwareSupplyChainSecurity is now available: https://bit.ly/3Fq6F3W #AppSec #DevSecOps

🐍 @python.org announced a 2-year partnership with #Anthropic, which will contribute $1.5 million to support the foundation's security initiatives for #PyPI: https://bit.ly/4a6uvhU

CTA has "helped raise the bar for collaboration across the cybersecurity community, demonstrating that sharing does not weaken competitive advantage — it strengthens collective resilience" @reversinglabs.com tinyurl.com/6xtnck5y #CTA9Years #strongertogether #cybersecurity #threatintelligence

NIST has broadened the Secure Software Development Framework (SSDF) to include the full SDLC. Here's what your #AppSec team needs to know: https://bit.ly/3ZksCbk #DevSecOps #SoftwareSupplyChainSecurity

📝 The Cyber Resilience Act legally obliges software producers to create, maintain, & retain an #SBOM for all products with digital elements marketed within the EU. Here's what you need to know: https://bit.ly/4b4XSSV

🤖 A new report on #AIsecurity from the Cloud Security Alliance finds that enterprise governance of #AI usage & potential threats makes a huge difference: https://bit.ly/459MYrk

🚨New Feature Alert: secure.software now offers free, single click #SBOM delivery in the CycloneDX format. See it in action: app.arcade.software/share/oBBgnr... #Dev #AppSec #DevSecOps

📆 Next Thursday: RL researchers break down real-world campaigns uncovered in the closing months of 2025 across NuGet, PyPI, PowerShell & VS Code: https://bit.ly/4sCIh3f #SoftwareSupplyChainSecurity #Dev #Cybersecurity

⚠️ According to a recent report from the Google Threat Intelligence Group, adversaries are now deploying novel #AI-enabled #malware in active operations: https://bit.ly/45v4FBR #Cybersecurity

⛓️‍💥 Eligibility for #CyberInsurance could hinge on the strength of #SoftwareSupplyChainSecurity & third-party risk management controls: https://bit.ly/3NmbJu5 #Cybersecurity #DevSecOps

🧵Introducing: 🚨New Feature Alert → a series dedicated to RL product updates! This week, we’re excited to unveil a dedicated #Malware page in the RL-SAFE Report: app.arcade.software/share/H7euVM... #SoftwareSupplyChainSecurity #DevSecOps

😵‍💫 #AI technical debt is all the more perilous for being poorly understood. Learn how it forms & can fuel a breach your org can't afford: https://bit.ly/4qHPL3d #AISecurity #Cybersecurity

🔎 In the next installment of the RL Researcher's Notebook series, #malware analyst Rob Simmons unpacks the malicious Windows packer ‘pkr_mtsi’. Read on to learn about it's evolution, & access a #YARA rule for it: https://bit.ly/3YrHvrW #Cybersecurity

⛓️ The open-source SF² presents security scaling as a strategic resource-allocation challenge rather than a staffing problem. Here's how it helps: https://bit.ly/3YijlQz #SoftwareSupplyChainSecurity #DevSecOps #CISO

🤖 As cyber attacks become #AI-optimized & internal AI use rises, enterprises are scrambling to secure files. Here's why your org needs to modernize its #FileSecurity: www.reversinglabs.com/blog/ai-file... #Cybersecurity

🤖 @owasp.org has released a top 10 list of security risks for #AgenticAI, an AI testing guide, & an #AI vulnerability assessment tool. Here's what you need to know regarding the new #AISecurity efforts: https://bit.ly/4qfBxGo

🪱 @forbes.com spoke with RL co-founder & CSA Tomislav Peričin about the 2nd wave of the malicious Shai-hulud worm that hit #npm: https://bit.ly/4pHZoyC

⚠️ RL researchers have discovered 14 malicious #NuGet packages that impersonate #crypto-related tools. Each delivers #malware that steals either wallet info, crypto-funds, or Google Ads OAuth credentials: https://bit.ly/4pILLiV

Pairing RL Spectra Assure for #SoftwareSupplyChainSecurity with an #EDR solution like #CrowdStrike Falcon offers robust third-party software risk management.👇 https://bit.ly/48GeONR

📣 RL has won the 2025 Intellyx Digital Innovator Award! We are so appreciative. #Cybersecurity

@invisig0th.bsky.social underscores why security frameworks are a starting point, not a finish line. Strong supply-chain security is in the execution. Read more from @reversinglabs.com: www.reversinglabs.com/blog/securit...

🪖 RL chief trust officer Sasa Zdjelar reflects on the new #SBOM requirements coming for the U.S. military’s use of #AI: https://bit.ly/3MxUZzE

🔎 #VirusTotal isn't the only option for your #ThreatIntel needs. As a matter of fact, there's an even better #VirusTotalAlternative out there: Us. See why: https://bit.ly/3MkWQb5

Further details about this malicious campaign on #VSCode are now available at RL Blog: www.reversinglabs.com/blog/malicio... #Dev #DevSecOps #Cybersecurity

🛡️ #AI is poised to reshape the #SOC, from alleviating alert fatigue to streamlining manual workflows: https://bit.ly/3KwXl1d #Cybersecurity #SecOps

📆 Happening in 1 week: A live roundup of 2025's #SoftwareSupplyChain breaches. Register: https://bit.ly/4iLpa2t #DevSecOps #Dev #Cybersecurity

This Friday, we'll break down how to build a custom #ThreatIntel feed that reduces noise, improves data quality, & supports #AI-driven #SecOps: https://bit.ly/48jBXWb

📣 RL has just pushed out an update to detect the #React2Shell vulnerability. It has a CVSS score of 10, & it’s a pre-authentication vuln that allows RCE in web apps using a specific version of the extremely popular #React framework. #Dev #AppSec

⛓️‍💥 Can frameworks stop software supply chain attacks? We ask this in the latest episode of ConversingLabs #podcast: https://bit.ly/3MferkI #Cybersecurity #SoftwareSupplyChainSecurity #GRC

A new guide on #threatmodeling for the cloud in the era of AI has been released by the CSA. It calls out that existing security practices aren't cutting it for the new era: https://bit.ly/447HlJD #AISecurity #CloudSecurity #SoftwareSupplyChainSecurity

🚨 AI has redefined software risk — shaping how both attackers & defenders operate. Register now to get the breakdown on these shifting dynamics: https://bit.ly/4oqSV9T #AISecurity #SoftwareSupplyChainSecurity #AppSec

RL researchers have found 19 #VSCode extensions belonging to a campaign that's been running since February 2025 containing hidden malware masquerading as a picture: secure.software/vscode/packa...

🎉 ConversingLabs #Podcast has been featured in FeedSpot's list of 10 best #IncidentResponse podcasts! The show features some of the best experts in #cybersecurity. 🎧 Listen wherever you get your podcasts: https://bit.ly/443uzMd

🔎 ICYMI: The newly-released ReversingLabs Browser Extension empowers customers to operationalize the RL #threatintelligence cloud in new & powerful ways 👉 https://bit.ly/4iu5Xlw #threathunting #SOC

⚠️ RL researchers have discovered vulnerable code in legacy #Python packages that could make possible an attack on #PyPI via a domain compromise: https://bit.ly/48jatP4

👀 Blog with full details & more updates can be found here: t.co/YP35k2Mweq #npm #OSS #SoftwareSupplyChainSecurity

⚠️ RL automated threat detection system has flagged a new wave of Shai-hulud #npm packages. Look out for RL's TH15502 policy violation on secure.software. The campaign affects popular [@]asyncapi packages with millions of downloads. Example: secure.software/npm/packages... #Dev #Cybersecurity