🤖 A new report on #AIsecurity from the Cloud Security Alliance finds that enterprise governance of #AI usage & potential threats makes a huge difference: https://bit.ly/459MYrk

🚨New Feature Alert: secure.software now offers free, single click #SBOM delivery in the CycloneDX format. See it in action: app.arcade.software/share/oBBgnr... #Dev #AppSec #DevSecOps

📆 Next Thursday: RL researchers break down real-world campaigns uncovered in the closing months of 2025 across NuGet, PyPI, PowerShell & VS Code: https://bit.ly/4sCIh3f #SoftwareSupplyChainSecurity #Dev #Cybersecurity

⚠️ According to a recent report from the Google Threat Intelligence Group, adversaries are now deploying novel #AI-enabled #malware in active operations: https://bit.ly/45v4FBR #Cybersecurity

⛓️‍💥 Eligibility for #CyberInsurance could hinge on the strength of #SoftwareSupplyChainSecurity & third-party risk management controls: https://bit.ly/3NmbJu5 #Cybersecurity #DevSecOps

🧵Introducing: 🚨New Feature Alert → a series dedicated to RL product updates! This week, we’re excited to unveil a dedicated #Malware page in the RL-SAFE Report: app.arcade.software/share/H7euVM... #SoftwareSupplyChainSecurity #DevSecOps

😵‍💫 #AI technical debt is all the more perilous for being poorly understood. Learn how it forms & can fuel a breach your org can't afford: https://bit.ly/4qHPL3d #AISecurity #Cybersecurity

🔎 In the next installment of the RL Researcher's Notebook series, #malware analyst Rob Simmons unpacks the malicious Windows packer ‘pkr_mtsi’. Read on to learn about it's evolution, & access a #YARA rule for it: https://bit.ly/3YrHvrW #Cybersecurity

⛓️ The open-source SF² presents security scaling as a strategic resource-allocation challenge rather than a staffing problem. Here's how it helps: https://bit.ly/3YijlQz #SoftwareSupplyChainSecurity #DevSecOps #CISO

🤖 As cyber attacks become #AI-optimized & internal AI use rises, enterprises are scrambling to secure files. Here's why your org needs to modernize its #FileSecurity: www.reversinglabs.com/blog/ai-file... #Cybersecurity

🤖 @owasp.org has released a top 10 list of security risks for #AgenticAI, an AI testing guide, & an #AI vulnerability assessment tool. Here's what you need to know regarding the new #AISecurity efforts: https://bit.ly/4qfBxGo

🪱 @forbes.com spoke with RL co-founder & CSA Tomislav Peričin about the 2nd wave of the malicious Shai-hulud worm that hit #npm: https://bit.ly/4pHZoyC

⚠️ RL researchers have discovered 14 malicious #NuGet packages that impersonate #crypto-related tools. Each delivers #malware that steals either wallet info, crypto-funds, or Google Ads OAuth credentials: https://bit.ly/4pILLiV

Pairing RL Spectra Assure for #SoftwareSupplyChainSecurity with an #EDR solution like #CrowdStrike Falcon offers robust third-party software risk management.👇 https://bit.ly/48GeONR

📣 RL has won the 2025 Intellyx Digital Innovator Award! We are so appreciative. #Cybersecurity

@invisig0th.bsky.social underscores why security frameworks are a starting point, not a finish line. Strong supply-chain security is in the execution. Read more from @reversinglabs.com: www.reversinglabs.com/blog/securit...

🪖 RL chief trust officer Sasa Zdjelar reflects on the new #SBOM requirements coming for the U.S. military’s use of #AI: https://bit.ly/3MxUZzE

🔎 #VirusTotal isn't the only option for your #ThreatIntel needs. As a matter of fact, there's an even better #VirusTotalAlternative out there: Us. See why: https://bit.ly/3MkWQb5

Further details about this malicious campaign on #VSCode are now available at RL Blog: www.reversinglabs.com/blog/malicio... #Dev #DevSecOps #Cybersecurity

🛡️ #AI is poised to reshape the #SOC, from alleviating alert fatigue to streamlining manual workflows: https://bit.ly/3KwXl1d #Cybersecurity #SecOps

📆 Happening in 1 week: A live roundup of 2025's #SoftwareSupplyChain breaches. Register: https://bit.ly/4iLpa2t #DevSecOps #Dev #Cybersecurity

This Friday, we'll break down how to build a custom #ThreatIntel feed that reduces noise, improves data quality, & supports #AI-driven #SecOps: https://bit.ly/48jBXWb

📣 RL has just pushed out an update to detect the #React2Shell vulnerability. It has a CVSS score of 10, & it’s a pre-authentication vuln that allows RCE in web apps using a specific version of the extremely popular #React framework. #Dev #AppSec

⛓️‍💥 Can frameworks stop software supply chain attacks? We ask this in the latest episode of ConversingLabs #podcast: https://bit.ly/3MferkI #Cybersecurity #SoftwareSupplyChainSecurity #GRC

A new guide on #threatmodeling for the cloud in the era of AI has been released by the CSA. It calls out that existing security practices aren't cutting it for the new era: https://bit.ly/447HlJD #AISecurity #CloudSecurity #SoftwareSupplyChainSecurity

🚨 AI has redefined software risk — shaping how both attackers & defenders operate. Register now to get the breakdown on these shifting dynamics: https://bit.ly/4oqSV9T #AISecurity #SoftwareSupplyChainSecurity #AppSec

RL researchers have found 19 #VSCode extensions belonging to a campaign that's been running since February 2025 containing hidden malware masquerading as a picture: secure.software/vscode/packa...

🎉 ConversingLabs #Podcast has been featured in FeedSpot's list of 10 best #IncidentResponse podcasts! The show features some of the best experts in #cybersecurity. 🎧 Listen wherever you get your podcasts: https://bit.ly/443uzMd

🔎 ICYMI: The newly-released ReversingLabs Browser Extension empowers customers to operationalize the RL #threatintelligence cloud in new & powerful ways 👉 https://bit.ly/4iu5Xlw #threathunting #SOC

⚠️ RL researchers have discovered vulnerable code in legacy #Python packages that could make possible an attack on #PyPI via a domain compromise: https://bit.ly/48jatP4

👀 Blog with full details & more updates can be found here: t.co/YP35k2Mweq #npm #OSS #SoftwareSupplyChainSecurity

⚠️ RL automated threat detection system has flagged a new wave of Shai-hulud #npm packages. Look out for RL's TH15502 policy violation on secure.software. The campaign affects popular [@]asyncapi packages with millions of downloads. Example: secure.software/npm/packages... #Dev #Cybersecurity

🚩 RL researchers have discovered a new malicious #VSCode extension that uses an interesting technique to execute the malicious code: secure.software/vscode/packa...

@owasp.org has proposed an update to its Top 10 list, which serves as a global standard for #AppSec. Here's what experts are saying about it: https://bit.ly/4iasFPq #SoftwareSupplyChainSecurity #DevSecOps

#AIcoding assistants aren’t just creating code 10x faster; they’re also introducing software quality & security issues at similarly blistering velocity: https://bit.ly/48ahUby #AppSec #DevSecOps

📣 The RL Browser Extension is now available in both the Google Chrome & Microsoft Edge stores. It adds contextual #ThreatIntel to all browser based workflows (EDR, XDR, SIEM, etc): https://bit.ly/3XyIYvZ #SecOps

📣 ICYMI: Devs can now vet the security of #PowerShell modules for free with secure.software. Try it now & learn more: https://bit.ly/484lK64

📆 This Wednesday: Join us to learn why it's time for #ZeroTrust in #SoftwareSupplyChainSecurity 👉 https://bit.ly/4hYBJXF

Our latest #ConversingLabs #podcast is livestreaming now. Host Carolynn Van Arsdale is interviewing @ncstate.bsky.social professor Laurie Williams and Ph.D student Sivana Hamer on their new report on the effectiveness of software supply chain security frameworks... www.youtube.com/live/PxqYrnZ...

#OpenSource powers nearly every modern app, but behind the commits - maintainers quietly fight an uphill battle. Join us next week to learn how we can build a more secure, sustainable, & human-centered future for #OSS: https://bit.ly/4qS4Sbj #SoftwareSupplyChainSecurity #DevSecOps

Google, OpenAI, Meta, & others have been aggressively pursuing efforts to automate the discovery of software flaws using #AI. While innovative - it's inundating #OSS maintainers. Could AI-enabled fixes be the answer? #DevSecOps #AppSec https://bit.ly/4p09lXs

🔖 Cloud Security Alliance released Risk Rubric, a tool that acts as an #AI leaderboard that grades LLMs from A-F across 6 risk pillars. Here's what experts are saying about it: https://bit.ly/47ZNKJ1 #AISecurity #LLMSecurity

Vendors are beginning to release purpose-built tools to #dev teams that are meant to tame #VibeCoding. But do they provide comprehensive control? ➡️ https://bit.ly/47PGluO #DevSecOps #AppSec

🔍 While macOS #malware is less widespread than Windows malware, the ability to identify, detect, & classify old & new threats alike is increasingly important. That's where #YARArules come into play: https://bit.ly/4nJKq9I

🎙️In the latest episode of ConversingLabs #Podcast, @bugcrowd.com founder @cje.io discusses AI's impact on vulnerability management: bit.ly/43O0vnx

#WeaselStore is an #infostealer used by the #APT group #DeceptiveDevelopment, which targets developers on multiple systems in web & cryptocurrency. Protect yourself by deploying our public #YARArules: https://bit.ly/3x34FdW

⚠️ RL researchers have observed an attack vector on #PowerShell known as command hijacking that enables clobbering: https://bit.ly/3X7Ct38 #OpenSource #SoftwareSupplyChainSecurity

EggStremeFuel is a #backdoor that is part of a file-less #malware framework used by a Chinese #APT group, which recently attacked a military company in the Philippines. Don't become a victim, deploy our public #YARArules: https://bit.ly/3x34FdW

🛡️ Shout out to RL community manager @kadigrigg.bsky.social for taking part in this #cybersecurity panel at the rvatech/ #WomenInTech conference!

⚠️ AI is producing code up to 4 times faster — but with 10 times more #AppSec lapses: https://bit.ly/49un2cH #AIcoding #DevSecOps