all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks

Add to bookmarks
Sept. 5, 2023, noon | carolynn.vanarsdale@reversinglabs.com (Carolynn van Arsdale)

ReversingLabs Blog blog.reversinglabs.com




Security teams are well aware of the growing problem of software supply chain attacks, but it’s essential that organizations stay abreast of the various threats posed to software supply chains.


One of the pain points that organizations need to learn more about and defend against is malicious campaigns found on open-source software repositories. Repositories such as npm and PyPI are used globally by developers to build software applications, and attackers in recent years have taken great advantage of that.

attacks aware learn lessons learned malicious npm organizations points problem pypi research security security teams software software supply chain software supply chain attacks software supply chains software supply chain security supply supply chain supply chain attacks supply chains teams threat threat research threats

Visit resource

More from blog.reversinglabs.com / ReversingLabs Blog

Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic 4 days, 17 hours ago | blog.reversinglabs.com
alarm appsec & supply chain security breach breaches +25
What’s hot at RSAC 2024: 8 SSCS talks you don’t want to miss 5 days, 16 hours ago | blog.reversinglabs.com
appsec & supply chain security cisos development don +16
How SOC analysts and threat hunters can expose malware undetected by EDR 6 days, 17 hours ago | blog.reversinglabs.com
analysts can corporate don +16
Introducing the Unified RL Spectra Suite 6 days, 17 hours ago | blog.reversinglabs.com
always on appsec & supply chain security change criminals +15
Announcing the General Availability of Spectra Detect v5.0: Enhancing File Analysis for Advanced Threat Detection 6 days, 17 hours ago | blog.reversinglabs.com
advanced advanced threat advanced threat detection analysis +23
Announcing the General Availability of TitaniumScale v5.0: Enhancing File Analysis for Advanced Threat Detection 1 week, 3 days ago | blog.reversinglabs.com
advanced advanced threat advanced threat detection analysis +23
How NIST CSF 2.0 and C-SCRM help manage software supply chain risk 1 week, 4 days ago | blog.reversinglabs.com
appsec & supply chain security businesses critical critical infrastructure +29
What’s hot at RSAC 2024: 7 must-see talks for security operations teams 1 week, 5 days ago | blog.reversinglabs.com
conference filter flood francisco +21
NVD delays highlight vulnerability management woes: Put malware first 1 week, 6 days ago | blog.reversinglabs.com
appsec & supply chain security attention change current +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Offensive Security Engineering Technical Lead, Device Security

@ Google | Amsterdam, Netherlands
View on infosec-jobs.com

Senior Security Engineering Program Manager

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Information System Security Analyst

@ Resource Management Concepts, Inc. | Dahlgren, Virginia, United States
View on infosec-jobs.com

Critical Facility Security Officer - Evening Shift

@ Allied Universal | Charlotte, NC, United States
View on infosec-jobs.com

Information System Security Officer, Junior

@ Resource Management Concepts, Inc. | Patuxent River, Maryland, United States
View on infosec-jobs.com

Security Engineer

@ JPMorgan Chase & Co. | Plano, TX, United States
View on infosec-jobs.com
View more jobs