A new guide on #threatmodeling for the cloud in the era of AI has been released by the CSA. It calls out that existing security practices aren't cutting it for the new era: https://bit.ly/447HlJD #AISecurity #CloudSecurity #SoftwareSupplyChainSecurity

🚨 AI has redefined software risk — shaping how both attackers & defenders operate. Register now to get the breakdown on these shifting dynamics: https://bit.ly/4oqSV9T #AISecurity #SoftwareSupplyChainSecurity #AppSec

RL researchers have found 19 #VSCode extensions belonging to a campaign that's been running since February 2025 containing hidden malware masquerading as a picture: secure.software/vscode/packa...

🎉 ConversingLabs #Podcast has been featured in FeedSpot's list of 10 best #IncidentResponse podcasts! The show features some of the best experts in #cybersecurity. 🎧 Listen wherever you get your podcasts: https://bit.ly/443uzMd

🔎 ICYMI: The newly-released ReversingLabs Browser Extension empowers customers to operationalize the RL #threatintelligence cloud in new & powerful ways 👉 https://bit.ly/4iu5Xlw #threathunting #SOC

⚠️ RL researchers have discovered vulnerable code in legacy #Python packages that could make possible an attack on #PyPI via a domain compromise: https://bit.ly/48jatP4

👀 Blog with full details & more updates can be found here: t.co/YP35k2Mweq #npm #OSS #SoftwareSupplyChainSecurity

⚠️ RL automated threat detection system has flagged a new wave of Shai-hulud #npm packages. Look out for RL's TH15502 policy violation on secure.software. The campaign affects popular [@]asyncapi packages with millions of downloads. Example: secure.software/npm/packages... #Dev #Cybersecurity

🚩 RL researchers have discovered a new malicious #VSCode extension that uses an interesting technique to execute the malicious code: secure.software/vscode/packa...

@owasp.org has proposed an update to its Top 10 list, which serves as a global standard for #AppSec. Here's what experts are saying about it: https://bit.ly/4iasFPq #SoftwareSupplyChainSecurity #DevSecOps

#AIcoding assistants aren’t just creating code 10x faster; they’re also introducing software quality & security issues at similarly blistering velocity: https://bit.ly/48ahUby #AppSec #DevSecOps

📣 The RL Browser Extension is now available in both the Google Chrome & Microsoft Edge stores. It adds contextual #ThreatIntel to all browser based workflows (EDR, XDR, SIEM, etc): https://bit.ly/3XyIYvZ #SecOps

📣 ICYMI: Devs can now vet the security of #PowerShell modules for free with secure.software. Try it now & learn more: https://bit.ly/484lK64

📆 This Wednesday: Join us to learn why it's time for #ZeroTrust in #SoftwareSupplyChainSecurity 👉 https://bit.ly/4hYBJXF

Our latest #ConversingLabs #podcast is livestreaming now. Host Carolynn Van Arsdale is interviewing @ncstate.bsky.social professor Laurie Williams and Ph.D student Sivana Hamer on their new report on the effectiveness of software supply chain security frameworks... www.youtube.com/live/PxqYrnZ...

#OpenSource powers nearly every modern app, but behind the commits - maintainers quietly fight an uphill battle. Join us next week to learn how we can build a more secure, sustainable, & human-centered future for #OSS: https://bit.ly/4qS4Sbj #SoftwareSupplyChainSecurity #DevSecOps

Google, OpenAI, Meta, & others have been aggressively pursuing efforts to automate the discovery of software flaws using #AI. While innovative - it's inundating #OSS maintainers. Could AI-enabled fixes be the answer? #DevSecOps #AppSec https://bit.ly/4p09lXs

🔖 Cloud Security Alliance released Risk Rubric, a tool that acts as an #AI leaderboard that grades LLMs from A-F across 6 risk pillars. Here's what experts are saying about it: https://bit.ly/47ZNKJ1 #AISecurity #LLMSecurity

Vendors are beginning to release purpose-built tools to #dev teams that are meant to tame #VibeCoding. But do they provide comprehensive control? ➡️ https://bit.ly/47PGluO #DevSecOps #AppSec

🔍 While macOS #malware is less widespread than Windows malware, the ability to identify, detect, & classify old & new threats alike is increasingly important. That's where #YARArules come into play: https://bit.ly/4nJKq9I

🎙️In the latest episode of ConversingLabs #Podcast, @bugcrowd.com founder @cje.io discusses AI's impact on vulnerability management: bit.ly/43O0vnx

#WeaselStore is an #infostealer used by the #APT group #DeceptiveDevelopment, which targets developers on multiple systems in web & cryptocurrency. Protect yourself by deploying our public #YARArules: https://bit.ly/3x34FdW

⚠️ RL researchers have observed an attack vector on #PowerShell known as command hijacking that enables clobbering: https://bit.ly/3X7Ct38 #OpenSource #SoftwareSupplyChainSecurity

EggStremeFuel is a #backdoor that is part of a file-less #malware framework used by a Chinese #APT group, which recently attacked a military company in the Philippines. Don't become a victim, deploy our public #YARArules: https://bit.ly/3x34FdW

🛡️ Shout out to RL community manager @kadigrigg.bsky.social for taking part in this #cybersecurity panel at the rvatech/ #WomenInTech conference!

⚠️ AI is producing code up to 4 times faster — but with 10 times more #AppSec lapses: https://bit.ly/49un2cH #AIcoding #DevSecOps

RL's research team analyzed 4 #STDGroup-operated RATs, which yielded file indicators to better detect the #malware, plus 2 #YARArules: https://bit.ly/4npaWov

While new efforts on #npm such as 2FA & trusted publishing help, you need visibility into how #OpenSource packages behave — not just who is publishing: https://bit.ly/42YCNoq #DevSecOps

📆 This Thursday, dive into the anatomy of real-world software supply chain attacks like Shai-hulud, Qix & the Salesloft/Drift compromise: https://bit.ly/47r2Wxc #SoftwareSupplyChainSecurity #DevSecOps #AppSec

🪝 MalDocs are a common #phishing lure. Here's how RL Spectra Analyze can be used to triage this #malware & identify related samples locally: https://bit.ly/47qqkLD #Cybersecurity

🤖 Use of AI in container workloads is growing — but security is not native. That makes additional controls essential: https://bit.ly/473tFBf #ContainerSecurity #AppSec #AISecurity

The #SOC needs multiple vantage points when investigating #malware. Use this link to get all the new updates for RL's #MalwareAnalysis & #ThreatHunting capabilities: https://bit.ly/4ovf1ID

RL recently introduced significant updates to its #MalwareAnalysis & #ThreatHunting portfolio, adding new AI-driven & Kubernetes-ready capabilities. Join us this Friday to learn more: https://bit.ly/47pe4ff

⚠️ RL researchers have discovered a malicious #NuGet package that is impersonating "Netherum," a popular #Ethereum library. It has over 10M downloads, but these are most definitely artificially inflated: secure.software/nuget/packag...

⚠️ Turns out that #MCP servers have a credentials problem, with over half of open-source implementations using credentials that rely on insecure, long-lived, static secrets: https://bit.ly/3WHbXgJ #AppSec #AISecurity

🤔 Application security posture management (#ASPM) is only as good as the technology it depends on. Learn why binary analysis & reproducible builds are key for #AppSec: https://bit.ly/3W3vw2H

🔥 When it comes to #GRC, open source software (#OSS) is in the hot seat. Register for this live session, ft. #OpenSource legal experts: https://bit.ly/46QTxjD

Veaty is a #backdoor used in targeted attacks against multiple Iraqi entities. It utilizes emails to communicate with its C2, & disables certificate verification. Protect yourself by deploying our public #YARArules: https://bit.ly/3x34FdW #Malware #ThreatHunting

🤝 When the RL ICAP Server is integrated with the Kiteworks ICAP Client, organizations achieve a highly fortified file exchange ecosystem: https://bit.ly/43hr3NC #Cybersecurity #ThreatIntel #FileSecurity

#OSS supply chain attacks aren't going away anytime soon. And with fewer young people becoming maintainers, the future of #OpenSource is uncertain. Watch the newest episode of ConversingLabs #podcast, or listen wherever you get your favorite shows: https://bit.ly/3WzF8SV

🤖 Apps made using #VibeCoding can be a minefield for #AppSec teams, especially when non-#Dev users don't understand #AIcoding security risks: https://bit.ly/4o93T4N

#BPFDoor is a #Linux #backdoor used by the Chinese #APT group #RedMenshen in targeted attacks against multiple industries. It utilizes BPF to remain undetected. Protect yourself by deploying our public #YARArules: https://bit.ly/3x34FdW

⚠️ RL researchers detected a malicious Phantom dApp: phantom.com/apps/claimyo... The application claimyoursols.app seems to be fairly used in the #blockchain community. #Dev #Malware

Our @cyberalliance.bsky.social member @reversinglabs.com article on vibe coding www.linkedin.com/pulse/vibe-c... #cybersecurity #supplychain #vibecoding

🔨 Built-in security can play a role — & fits with the #SecureByDesign concept — but robust #cybersecurity controls remain essential: https://bit.ly/4o9vceu

🐝 Attack surface management (ASM) isn’t just another buzzword. It represents a fundamental shift in #cybersecurity strategy, especially with risks from #GenAI & #AICoding on the rise: https://bit.ly/4nAWRoZ

A malicious #MCP package was found on #npm last week by researchers at Koi. While MCP servers are believed to be "the next big thing" for #AI innovation, this incident has some sobering ramifications for #AppSec teams: https://bit.ly/3VTkAoc

📣 We're excited to announce RL's new partnership with Command Zero, the autonomous #cybersecurity investigation platform. Learn how this partnership is essential for the #SOC: https://bit.ly/4qgGKyP

📆 Join RL this Thursday as we dissect 5 malicious campaigns investigated by our threat researchers since June: https://bit.ly/42lvKWo Topics will include the Shai-hulud worm on #npm, malicious campaigns on #VSCode, & the abuse of #Ethereum smart contracts.

🔎 RL’s Advanced Search is a powerful feature that can gather related samples for #ThreatHunting in your environment. Here's an example: https://bit.ly/48d5ZLQ #ThreatIntel #Cybersecurity #Malware