📣 Get ready: RL is heading to @BlackHatEvents #BHUSA 2025 in Las Vegas! Catch us at Booth 3261 on August 6-7. See what we're up to at this year's #BlackHat:

🎙️ The 2020 attack on #SolarWinds served as a wake-up call to take #SoftwareSupplyChainSecurity seriously. Watch the webinar now to learn how your organization can step up its #SBOM game:

Make your trip home from #BHUSA secure with an anti-theft backpack! 🎒 All you need to do is book 10 minutes with our experts at #BlackHat Booth 3261. Sign up here:

#AICoding has many attractions, but organizations must have humans in the loop to keep good software risk management vibes flowing. #VibeCoding #DevSecOps #Dev

RT @openteamsinc: 🛡️ How do you enforce security without slowing your team?. Unvetted dependencies open the door to malware, misconfigurati….

We found evidence of malicious code inclusion in one of the repositories hosted in #GitHub:

Redirect location hosts another downloader instruction, which downloads MSI installer that contains logic for downloading further stages of this malicious campaign.

Exploring the blockchain data for the given contract address reveals the URL redirect hidden in contract data published to blockchain.

⚠️🧵RL threat researchers detected a malicious #npm package abusing #blockchain for malicious command hosting:

In the latest episode of the ConversingLabs #podcast, @FDD_CCTI Senior Policy Analyst @jiwonma_92 discusses her new report about the #SoftwareSupplyChainSecurity challenges facing #aviation:

🎊 Big news! RL is excited to announce new features for Spectra Analyze (formerly A1000) v9.5, which includes wins for URL analysis, flexible intel feeds, & an ICAP server! 👇 #MalwareAnalysis #Cybersecurity #SecOps #SOC

Spectra Assure Community now empowers #VSCode users to verify an extension’s level of risk before trusting it to run with privileged system access: #DevSecOps #AppSec #SoftwareSupplyChainSecurity.

#ThreatModeling is the secret weapon that helps teams design software with security baked in — before the first line of code is written. Join us to learn more. 👇 #Dev #DevSecOps #AppSec

Visit now to start using Spectra Assure Community!.

Launching Support for VS Code in Spectra Assure Community

👀The full story for this malicious campaign is now available at RL Blog: #VSCode #Ethereum #github.

RL Chief Trust Officer @SasaZdjelar for @CyberScoopNews: Most teams are still relying on security tools designed for human-written code - despite #AIcoding becoming popular. Talk about risky! #Dev #Coding

💪 After a major supply chain compromise, #3CX remade it's software development process & CI/CD pipeline to strengthen its published code. Learn from their journey.👇 #AppSec #SoftwareSupplyChainSecurity #Dev

Stay tuned for more updates about this malicious campaign, which will be posted to RL Blog soon:

The malicious package reimplements functionality of the impersonated package, but additionally intercepts calls to BAC Credomatic payment APIs & exfiltrates credit card info to a Telegram bot.