ReversingLabs

@reversinglabs.com.bsky.social

ReversingLabs is the trusted name in file and software security. RL - Trust Delivered.

75 Followers  |  68 Following  |  136 Posts  |  Joined: 20.02.2025  |  2.1441

Latest posts by reversinglabs.com on Bluesky

Thanks to our amazing team for all of their hard work at #BlackHat this week & thanks to all who have chatted with us! 🤝 #AppSec #DevSecOps #SoftwareSupplyChainSecurity

08.08.2025 14:29 — 👍 0    🔁 0    💬 0    📌 0

ICYMI: RL's @paulroberts.bsky.social speaks with @silascutler.bsky.social & @gigastacey.bsky.social at #BSidesLV about the threats posed to end-of-life #EoL equipment. Watch the full talk here: bit.ly/45EwYhs

07.08.2025 19:29 — 👍 1    🔁 1    💬 0    📌 0

🫶 Huge thanks to @shehackspurple.bsky.social for joining us at #BlackHat booth 3261 yesterday! She spoke with attendees about her essential book: Alice & Bob Learn #SecureCoding. Go Tanya 💯

07.08.2025 15:28 — 👍 1    🔁 0    💬 1    📌 0
OWASP targets agentic AI risk with AIVSS vulnerability scoring | ReversingLabs The new AI Vulnerability Scoring System (AIVSS) picks up where the Common Vulnerability Scoring System (CVSS) falls short.

🤖 The new AI Vulnerability Scoring System (AIVSS) from @owasp.org aims to pick up what the #CVSS falls short on for #AI. Here's what #AppSec experts are saying.👇 www.reversinglabs.com/blog/owasp-a...

07.08.2025 14:39 — 👍 0    🔁 1    💬 0    📌 0
How to implement Policy as Code for a more secure SDLC | ReversingLabs Policy as Code is emerging as a key area of focus for application security teams in the age of cloud-native software development. But implementation can be daunting.

✍️ #PolicyAsCode #PaC is emerging as a key area of focus for #AppSec in the age of cloud-native software development, but putting it into practice remains a challenge.👇 www.reversinglabs.com/blog/policy-...

06.08.2025 13:18 — 👍 1    🔁 0    💬 0    📌 0

We had to! 😂 Stop by RL #BlackHat booth 3261 this week for a chance to win a #Labubu.

06.08.2025 13:17 — 👍 0    🔁 0    💬 0    📌 0
Black Hat 2025: 9 must-see talks Another Hacker Summer Camp is almost here — and if you’re attending, you want to make the most of it. Here is a shortlist of talks.

☀️ #HackerSummerCamp is almost here. If you’re attending, you want to make the most of it. Check out this list of #BlackHat talks you should attend.👇 www.linkedin.com/pulse/black-...

05.08.2025 13:54 — 👍 1    🔁 0    💬 0    📌 0

☀️ Start off #HackerSummerCamp right with this @bsideslv.org panel: #EOL Equipment should not mean End of Life (Your Life), ft. @paulroberts.bsky.social, @silascutler.bsky.social & @gigastacey.bsky.social. #BSidesLV

29.07.2025 18:59 — 👍 0    🔁 0    💬 0    📌 0
The true cost of CVEs: Why you need to shift beyond vulnerabilities Triaging and patching, plus meeting compliance demands, all bog down modern software teams — and divert time away from development.

Triaging & patching CVEs, plus meeting compliance demands, all bog down modern software teams. Here's what #AppSec & #Dev teams need to know. 👇 www.reversinglabs.com/blog/the-tru...

24.07.2025 20:16 — 👍 0    🔁 0    💬 0    📌 0
Register: ICAP + Deep Cloud Malware Detection Revolution Learn how Spectra Detect v5.5’s ICAP & Deep Cloud Analysis transforms malware detection and secures enterprise networks at scale.

👀 RL Spectra Detect v5.5 is transforming enterprise #malware detection. Register for this live deep-dive on the technology to learn more.👇 www.reversinglabs.com/webinar/icap...

24.07.2025 20:15 — 👍 0    🔁 0    💬 0    📌 0

📆 Happening this Friday at BSides Albuquerque: @kadigrigg.bsky.social will be taking the stage for her talk - Trail Blazing: Lessons from the Oregon Trail for a Secure Software Supply Chain. Learn more: bit.ly/410BILC #BSidesABQ #AppSec #OpenSourceSecurity

24.07.2025 15:06 — 👍 0    🔁 1    💬 0    📌 0
Register: 2025 DBIR & Third Party Breach Risk Third-party breaches doubled last year. Join RL and Verizon DBIR co-author Philippe Langlois to unpack the latest trends in software supply chain attacks.

The 2025 Verizon Data Breach Investigations Report #DBIR reveals a 100% increase in third-party breaches. Join this talk next Wednesday to learn more about this sharp increase: bit.ly/45Pa47J #SoftwareSupplyChainSecurity #TPRM

24.07.2025 13:28 — 👍 0    🔁 0    💬 0    📌 0
SharePoint ‘ToolShell’ zero-day: What we know The software supply chain incident highlights how quickly threat actors can turn newly revealed vulnerabilities into widespread attacks.

⚠️ Microsoft links SharePoint #ToolShell zero-day to widespread attacks. Here's what we know.👇 www.reversinglabs.com/blog/sharepo...

23.07.2025 13:31 — 👍 0    🔁 0    💬 0    📌 0

As of writing of this thread, the obfuscated file is still under analysis. We will post any updates here, so stay tuned!

22.07.2025 20:22 — 👍 0    🔁 0    💬 0    📌 0
dsjdsdksfndfdfiodsfdsfd1212@3.3.2 - npm | ReversingLabs Spectra Assure Community Supply chain risk analysis for dsjdsdksfndfdfiodsfdsfd1212@3.3.2. Learn more about package security, deployment risks, vulnerabilities, popularity, versions, and more with ReversingLabs.

Another package, dsjdsdksfndfdfiodsfdsfd1212 (secure.software/npm/packages...), containing the same file was published a bit later. It was impersonating the npm package "is."

22.07.2025 20:22 — 👍 0    🔁 0    💬 1    📌 0
is@3.3.1 - npm | ReversingLabs Spectra Assure Community Supply chain risk analysis for is@3.3.1. Learn more about package security, deployment risks, vulnerabilities, popularity, versions, and more with ReversingLabs.

⚠️🧵 RL researchers have detected a supply chain attack in an #npm package with a total download count of over 2 million: secure.software/npm/packages... #OSS #Dev

22.07.2025 20:22 — 👍 1    🔁 0    💬 1    📌 0
RL @ BlackHat 2025 | ReversingLabs Meet RL at BlackHat Conference 2025 and see the cutting edge software supply chain security and malware analysis solutions enterprises can rely on.

#BHUSA attendees: #SecureCoding all-star @shehackspurple.bsky.social will be at RL Booth 3261 on 8/06 from 2-3pm to discuss her new book. Stop by to snag a free copy! Learn more: bit.ly/446vhc2 #BlackHat

21.07.2025 17:56 — 👍 2    🔁 1    💬 1    📌 0
Register: Unmasking a VS Code Supply Chain Attack Learn how a tiny VS Code extension change enabled a major software supply chain attack. Join ReversingLabs to uncover lessons and defense strategies.

ICYMI: We'll be hosting a live conversation tomorrow with the threat researchers who made this discovery. Register here & come ready with your questions: reversinglabs.com/webinar/unma... #VSCode #Dev #DevSecOps

21.07.2025 17:02 — 👍 2    🔁 0    💬 0    📌 0
Fully autonomous development is coming: Is your AppSec ready? Replacing software engineers with AI won't be happening soon — but AI coding is already changing the software risk landscape. Is your company prepared?

🤖 Replacing software engineers with AI won't be happening soon — but #AICoding is already changing the software risk landscape. Is your company prepared?👇 #DevSecOps #AppSec #Dev
www.reversinglabs.com/blog/fully-a...

17.07.2025 13:58 — 👍 1    🔁 0    💬 0    📌 0
Register: How To Get Software Vendors to Fix Their Code Learn how to uncover threats in third-party software, generate evidence, and drive vendor accountability to secure your software supply chain.

For years, software vendors enjoyed implicit trust... but that era is over. Join this webinar to learn how to move from passive trust in commercial software to active assurance. #SoftwareSupplyChainSecurity #TPRM #TPSRM
www.reversinglabs.com/webinar/how-...

17.07.2025 13:58 — 👍 1    🔁 0    💬 0    📌 0
Register: Unmasking a VS Code Supply Chain Attack Learn how a tiny VS Code extension change enabled a major software supply chain attack. Join ReversingLabs to uncover lessons and defense strategies.

👇 Join this live convo, where experts will dissect the compromise of ETHcode, a trusted #VSCode extension for #Ethereum smart contract development with nearly 6,000 installs. #Dev #DevSecOps www.reversinglabs.com/webinar/unma...

17.07.2025 13:02 — 👍 1    🔁 0    💬 0    📌 0
On Demand: Manifest Misconceptions-Closing the Gaps in SCA-Based SBOMs Most SBOMs miss nearly 50% of components. Learn why and how binary analysis closes the gap for better security, compliance & supply chain visibility.

🎙️ The 2020 attack on #SolarWinds served as a wake-up call to take #SoftwareSupplyChainSecurity seriously. Watch the webinar now to learn how your organization can step up its #SBOM game: bit.ly/3ZYaQLZ

17.07.2025 13:01 — 👍 0    🔁 0    💬 0    📌 0
RL @ BlackHat 2025 | ReversingLabs Meet RL at BlackHat Conference 2025 and see the cutting edge software supply chain security and malware analysis solutions enterprises can rely on.

Make your trip home from #BHUSA secure with an anti-theft backpack! 🎒 All you need to do is book 10 minutes with our experts at #BlackHat Booth 3261. Sign up here: bit.ly/446vhc2

15.07.2025 15:50 — 👍 0    🔁 0    💬 0    📌 0
Vibe coding is seductive — but also a risk that requires security controls AI coding has many attractions, but organizations must have humans in the loop to keep good software risk management vibes flowing.

#AICoding has many attractions, but organizations must have humans in the loop to keep good software risk management vibes flowing. #VibeCoding #DevSecOps #Dev www.reversinglabs.com/blog/vibe-co...

14.07.2025 17:14 — 👍 1    🔁 0    💬 0    📌 0

We found evidence of malicious code inclusion in one of the repositories hosted in #GitHub: t.co/4ujxsbDtlt

11.07.2025 18:08 — 👍 1    🔁 0    💬 0    📌 0

The redirect location hosts another downloader instruction, which downloads an MSI installer that contains logic for downloading further stages of this malicious campaign.

11.07.2025 18:08 — 👍 0    🔁 0    💬 1    📌 0

Exploring the blockchain data for the given contract address reveals the URL redirect hidden in contract data published to blockchain.

11.07.2025 18:08 — 👍 0    🔁 0    💬 1    📌 0

⚠️🧵 RL threat researchers detected a malicious #npm package abusing #blockchain for malicious command hosting: secure.software/npm/packages...

#Dev #SoftwareSupplyChainSecurity #OpenSource

11.07.2025 18:08 — 👍 4    🔁 2    💬 1    📌 0
Announcing RL Spectra Analyze Version 9.5 In this product release highlight, ReversingLabs is proud to announce new features for Spectra Analyze (formerly A1000).

🎊 Big news! RL is excited to announce new features for Spectra Analyze v9.5, which includes wins for URL analysis, flexible intel feeds, & an ICAP server: www.reversinglabs.com/blog/announc...

#MalwareAnalysis #Cybersecurity #SecOps #SOC

10.07.2025 15:53 — 👍 0    🔁 0    💬 0    📌 0
Devs: Vet Your VS Code Plugins with Spectra Assure Community Learn how Spectra Assure Community helps developers assess risks in Microsoft VS Code Extensions before downloading.

Spectra Assure Community, RL's #OpenSource platform, now empowers #VSCode users to verify an extension’s level of risk before trusting it to run with privileged system access: bit.ly/40GSv6d #DevSecOps #AppSec #SoftwareSupplyChainSecurity #Dev

10.07.2025 13:30 — 👍 3    🔁 0    💬 0    📌 0