
Posts by ReversingLabs

Graphalgo fake recruiter-test campaign respawned | ReversingLabs NK threat actors targeting crypto developers are back with an LLC and new techniques to hide malware. Here's RL's analysis.

🚨 New RL #ThreatResearch: The #Graphalgo fake developer recruiter interview campaign is back.

RL researchers have uncovered a broader network of fake companies tied to this fake recruiter operation — plus new attacker techniques.

Read what the RL team found: www.reversinglabs.com/blog/graphal...

4 days ago
Axios supply chain attack: How AppSec teams should respond | ReversingLabs Here's an incident-response checklist and ongoing best practices. Plus: How RL’s xBOM and Spectra Assure Community can help.

The axios supply chain attack should be front and center for #AppSec teams given its wide reach.
Here's RL's immediate-response checklist — and best practices for ongoing defense. Also learn how RL’s xBOM and Spectra Assure Community can help. 👇
www.reversinglabs.com/blog/axios-a...

1 week ago
How JPMorgan Chase tackles third-party software ‘trust debt’ | ReversingLabs JPMC CISO Patrick Opet discussed his open letter on third-party software risk — and the changes suppliers have made since.

At #RSAC, JPMorgan Chase CISO Patrick Opet revisited third-party risk — and the supplier changes that followed.

Is your organization learning the lesson on “trust debt”?

Learn how to move beyond blind trust: www.reversinglabs.com/blog/opet-jp...

1 week ago
jjrawlins-cdk-iam-policy-builder-helper@0.0.194 - PyPI | ReversingLabs Spectra Assure Community Supply chain risk analysis for jjrawlins-cdk-iam-policy-builder-helper@0.0.194. Learn more about package security, deployment risks, vulnerabilities, popularity, versions, and more with ReversingLabs.

The compromise spread to the PyPI and NuGet ecosystems through the use of JSII modules inside version 0.0.194 of the jjrawlins-cdk-iam-policy-builder-helper packages.
The packages depend on compromised versions of the axios npm package.
secure.software/pypi/package...
secure.software/nuget/packag...

2 weeks ago
axios@1.14.1 - npm | ReversingLabs Spectra Assure Community Supply chain risk analysis for axios@1.14.1. Learn more about package security, deployment risks, vulnerabilities, popularity, versions, and more with ReversingLabs.

🚨 RL Research Alert!
Look out for the compromised versions 1.14.1 and 0.30.4 of the axios npm package, which has almost 11 billion downloads.
secure.software/npm/packages...

2 weeks ago

It is the latest victim in the ongoing TeamPCP supply chain campaign. Previous victims include Trivy, Checkmarx and LiteLLM. The ultimate goal is exfiltration of cloud secrets, as observed in previous attacks. Malicious code is added to the telnyx/_client.py file. The new C2 server is 83[.]142.209.203.

2 weeks ago
telnyx@4.87.2 - PyPI | ReversingLabs Spectra Assure Community Supply chain risk analysis for telnyx@4.87.2. Learn more about package security, deployment risks, vulnerabilities, popularity, versions, and more with ReversingLabs.

Look out for the compromised versions 4.87.1 and 4.87.2 of the telnyx PyPI package, which has more than 3.75 million downloads.
secure.software/pypi/package...

2 weeks ago
Malicious npm packages use fake install logs to load RAT | ReversingLabs The final-stage malware in the Ghost campaign is a RAT designed to steal crypto wallets and sensitive data.

📢 Just dropped: New RL research!

👻 Ghost campaign returns via malicious #npm packages

⚠️ Phishes sudo passwords + hides behind fake install logs

🔍 www.reversinglabs.com/blog/npm-fak...

🛡️ Ask us about it — + Spectra Assure Community — at Booth #4328 #RSAC2026

2 weeks ago
@teale.io/eslint-config@1.8.9 - npm | ReversingLabs Spectra Assure Community Supply chain risk analysis for @teale.io/eslint-config@1.8.9. Learn more about package security, deployment risks, vulnerabilities, popularity, versions, and more with ReversingLabs.

Security Advisory: our research team is tracking threat actor #TeamPCP, who hacked the #Trivy supply chain and infected over 140 npm packages with self-propagating malware #CanisterWorm. View our platform's analysis of a known infected package here: secure.software/npm/packages...

3 weeks ago
How to Make Your SBOMs Actionable with PURLs | ReversingLabs Package URLs give software components an exact address to improve vulnerability matching, which reduces alert fatigue and simplifies compliance.

"Ambiguous package names & fragmented tracking methods leave organizations vulnerable to sophisticated supply chain attacks. By demanding PURLs in your SBOMs, you enforce a strict standard of visibility and accountability"
www.reversinglabs.com/blog/why-you...
#cybersecurity #SBOM @reversinglabs.com

1 month ago
BSIMM16 confirms it: AI redefines the AppSec landscape | ReversingLabs AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.

BSIMM16 reinforces that #AIcoding is the new reality — and it will further destabilize #softwaresupplychainsecurity.
So step up your #AppSec. 👇
www.reversinglabs.com/blog/bsimm16...

1 month ago
Malicious NuGet package targets Stripe | ReversingLabs In this latest incident, threat actors target developers with a bogus package — a shift away from cryptocurrency development targets.

🚨 RL researchers discovered a malicious package impersonating a legitimate Stripe package on #NuGet — marking a move away from blockchain-related targets while staying focused on financial development tools. Read here: www.reversinglabs.com/blog/malicio...

1 month ago
How to Use YARA Retrohunting for Detection Engineering | ReversingLabs Learn how to leverage ReversingLabs’s dynamic analysis of pkr_mtsi for defense using YARA Rules in Spectra Analyze.

ReversingLabs' Ashlee Benge shares how to use YARA retrohunting for detection engineering by leveraging RL's dynamic analysis of "pkr_mtsi" for defense in Spectra Analyze.
👉 hubs.ly/Q043qJY-0

#yararules #detectionengineering #malwareanalysis

1 month ago
Fake recruiter campaign targets crypto developers with RAT | ReversingLabs A new branch of a well-coordinated fake job recruitment campaign is targeting JavaScript and Python developers via social channels.

⚠️ RL #ThreatResearch: A new branch of a fake job recruitment campaign by the NK Lazarus Group, dubbed "graphalgo," is targeting #Javascript & #Python devs with a remote access trojan (RAT). Read more: hubs.ly/Q042HLPR0

2 months ago
Notepad++ hack marks an evolution of supply chain threats | ReversingLabs A months-long compromise of the popular source code editor underscores a diversification of attack methods. Here's why going beyond trust is key.

⛓️ The recent compromise of Notepad++ underscores supply chain attack method diversification. It also serves as a reminder for why going beyond implicit trust is a must: hubs.ly/Q041-Cb30
#SoftwareSupplyChainSecurity #AppSec #DevSecOps

2 months ago
Vulnerable MCP Servers Lab: 9 ways to boost ML security | ReversingLabs The new GitHub-based lab aims to tame MCP servers with security server and tool-integration training, demos, and instruction on attack methods.

🤖 #MCP provides a standardized way for #AI agents to connect directly to apps, tools, & data sources. But because they have real authority, they're attractive targets. The new Vulnerable MCP Servers Lab aims to solve this: https://bit.ly/3MaNXAY

2 months ago
Open-source attacks move through normal development workflows - Help Net Security Open source supply chain attacks move through normal development workflows, turning routine updates and trusted code into delivery paths.

Open-source attacks move through normal development workflows

📖 Read more: www.helpnetsecurity.com/2026/02/03/o...

#cybersecurity #cybersecuritynews #opensource #supplychain #vulnerabilitymanagement @reversinglabs.com

2 months ago
Software Supply Chain Security Report: A 2025 retrospective | ReversingLabs ReversingLabs looked at last year's report in the rear-view mirror. Here's a retrospective with what the team got right -- and wrong.

🪞We looked back on what we predicted the #SoftwareSupplyChainSecurity threat landscape would be in 2025. Here's what we got right — & wrong: https://bit.ly/49UKS19

2 months ago
The Collapse of Trust in the Software Supply Chain The software supply chain is the end-to-end pathway through which software components are sourced, assembled, and deployed into production.

⛓️‍💥 Former CEO & founder of Black Duck Software Doug Levin writes in his Substack how trust in the reliability of the #SoftwareSupplyChain has sharply deteriorated: https://bit.ly/4qLx66N

2 months ago

🔎 In the latest edition of the RL Researcher's Notebook Series, #malware analyst Robert Simmons offers a deep dive of the recent #EmEditor supply chain compromise: https://bit.ly/4rgniBK

2 months ago
Technology’s “Upside Down”? Software Supply Chain The concept of an “Upside Down” is a good way to think about software risks, as the latest Software Supply Chain Security Report makes clear.

The #StrangerThings concept of the “Upside Down” is a pretty useful way to think about the risks lurking in the software we all rely on. A new report from @reversinglabs.com shines a light into that dark world. #appsec #softwaresupplychain securityledger.com/2026/01/tech...

2 months ago
Open-source malware zeroes in on developer environments - Help Net Security Open source malware activity increased in 2025, with attackers using public registries and installs to reach developers and CI systems.

Open-source malware zeroes in on developer environments

📖 Read more: www.helpnetsecurity.com/2026/01/29/r...

#cybersecurity #cybersecuritynews #opensource #malware @reversinglabs.com

2 months ago
How AI coding is breathing new life into Rust | ReversingLabs AI coding tools are making the memory-safe language Rust a favorite of developers -- even those maintaining massive codebases like Microsoft's.

🤖 #AI tools are making #Rust a favorite language of devs — even those maintaining codebases like Microsoft’s. Keep reading to learn how #AIcoding bolsters Rust: https://bit.ly/49O7wIs

2 months ago

📣 RL's 4th annual report on the state of #SoftwareSupplyChainSecurity is now available: https://bit.ly/3Fq6F3W

#AppSec #DevSecOps

2 months ago
Anthropic's $1.5M Python investment: Why it matters | ReversingLabs Here's what the $1.5M investment in the Python Software Foundation will mean for AI security and open-source management.

🐍 @python.org announced a 2-year partnership with #Anthropic, which will contribute $1.5 million to support the foundation's security initiatives for #PyPI: https://bit.ly/4a6uvhU

2 months ago
Celebrating 9 Years of the Cyber Threat Alliance: Advancing Collective Defense Together - Cyber Threat Alliance By Mario Vuksan, CEO & Co-founder, ReversingLabs This year marks the 9th anniversary of the Cyber Threat Alliance (CTA) — a milestone that highlights nearly a decade of collaboration, trust, and share...

CTA has "helped raise the bar for collaboration across the cybersecurity community, demonstrating that sharing does not weaken competitive advantage — it strengthens collective resilience"
@reversinglabs.com
tinyurl.com/6xtnck5y
#CTA9Years #strongertogether #cybersecurity #threatintelligence

2 months ago
SSDF 1.2 recognizes AppSec is a journey | ReversingLabs NIST has broadened the Secure Software Development Framework to include the full software development lifecycle. Here's why it matters.

NIST has broadened the Secure Software Development Framework (SSDF) to include the full SDLC. Here's what your #AppSec team needs to know: https://bit.ly/3ZksCbk

#DevSecOps #SoftwareSupplyChainSecurity

2 months ago
Mandatory SBOMs: What CRA is -- and why it matters | ReversingLabs The EU's Cyber Resilience Act introduces a legal obligation for software producers to create, maintain, and retain an SBOM. Are you prepared?

📝 The Cyber Resilience Act legally obliges software producers to create, maintain, & retain an #SBOM for all products with digital elements marketed within the EU. Here's what you need to know: https://bit.ly/4b4XSSV

2 months ago
Why governance is essential for safe AI adoption | ReversingLabs A new CSA report stresses getting out in front of AI risk — and offers insights into AI in SecOps. Here’s why you need guardrails.

🤖 A new report on #AIsecurity from the Cloud Security Alliance finds that enterprise governance of #AI usage & potential threats makes a huge difference: https://bit.ly/459MYrk

2 months ago

🚨New Feature Alert: secure.software now offers free, single click #SBOM delivery in the CycloneDX format. See it in action: app.arcade.software/share/oBBgnr...

#Dev #AppSec #DevSecOps

2 months ago