ReversingLabs

?? RL is a finalist in the #DevOpsDozenAwards for best #DevSecOps solution! Please vote for us here: https://bit.ly/3YNO3Rr We need your help in naming us a winner. Please click the link above to vote for “ReversingLabs Spectra Assure” in Section 15. Thank you to our community for your continued support! ??

We'd like to thank ?Wirespeed for naming us their "Overall Best File Reputation Vendor" in 2025! ?? "If you’d like to see more innovation in this space and want even deeper analysis, choose RL." Talk about a great reason to give thanks! ?? Continue reading to learn how Wirespeed uses RL Spectra Intelligence for their #FileReputation: https://lnkd.in/enUhEsfn #ThreatIntel #SOC #MultiScan

RL's Sa?a Zdjelar argues why #AppSec & #TPRM teams need to go beyond Secure by Demand in this piece for Dark Reading: https://bit.ly/3AViWLS "Neither a detailed #SBOM nor a completed vendor security questionnaire would have thwarted the NotPetya attack... So why should enterprise consumers take comfort from SBOMs & questionnaires alone when looking to protect their organizations?" Read the full article at the link above.

Happy Friday, here's Chainmail: Software Supply Chain Security News, brought to you by the folks here at RL. This week: Differential analysis raises red flags over an infected legitimate package on #npm. Also: #GitHub projects targeted with malicious commits to frame a security researcher. #SoftwareSupplyChainSecurity

?? New RL #ThreatResearch: 3 versions of a popular package were infected & used to spread malicious code that was stealing crypto wallet assets: https://bit.ly/4fAxoYU Learn more about the campaign details at the link above from RL software threat researcher Lucija Valenti?. #OpenSource #SoftwareSupplyChainSecurity

The state of #ShiftLeft was on the agenda at the Elephant in #AppSec Conference: https://bit.ly/4eAD0Rt One clear consensus among experts: Modern threats demand an all-in approach. Ft. insights from Tanya Janca, Cassie Crossley, Chris Romeo & more. #SoftwareSupplyChainSecurity

?? Exciting stuff: Spectra Assure? now detects ML malware in PKL, NPY, & NPZ: https://bit.ly/3Cyugy2 This update to our #SoftwareSupplyChainSecurity solution will better serve our customers in the detection of these hidden threats. Learn more about the threat posed by #ML files & how RL can identify them at the link above. #python

?? RL had a great time at GuidePoint's GPSec Philly event! The RL booth, staffed by Samuel Nagy & Justin Doupe, was buzzing with excitement. Plus, our very own Daniel Petrillo spoke with GuidePoint Security's Patrick McNeil in an amazing breakout session. Special thanks to Amanda McLaughlin & Camryn Hunt for putting on yet ANOTHER fantastic event. ?? #GPSec #SoftwareSupplyChainSecurity #SecOps

Take some time before the weekend to read this edition of Chainmail: Software Supply Chain Security News, curated by the team here at RL. This week: Researchers uncovered two critical flaws in Google’s #VertexAI that could have allowed attackers to escalate privileges & exfiltrate models. Also: Amazon’s latest data breach was a result of the infamous #MOVEit Transfer’s 2023 SQL injection flaw. #SoftwareSupplyChainSecurity

??? RL's Sa?a Zdjelar joined Gotham Technology Group's Ken Phelan to talk Software Supply Chain Security: https://bit.ly/4exxm2C Watch their conversation at the link above to learn how software has become a leading vector for malicious attacks, & what modern software security looks like. #SoftwareSupplyChainSecurity #AppSec #DevSecOps