ReversingLabs

At least one package that included the dependencies has been detected secure.software/npm/packages/m…. More info to come

The packages claim to be Rust compiled versions of legitimate packages that have performance optimizations. Example of a pull request targeting npm/cli github.com/npm/cli/pull/9…

RL researchers discovered a new supply chain campaign in the works that is targeting npm projects. The newly created GitHub account github.com/dev-kjma is opening PRs across 38 repositories. The goal is to replace dependencies like secure.software/npm/packages/he and secure.software/npm/packages/f… with threat actor controlled packages.

Meet vibeware. Threat actors are leveraging the #VibeCoding trend to deliver malicious software at scale. Here's what you need to know — and how to avoid any bad vibes in your #AppSec world. hubs.ly/Q04clfvN0

Most public repos trust the latest version. RL doesn’t. Spectra Assure Community continuously monitors 7M+ packages across #npm, #PyPI, #RubyGems, #NuGet to surface malware, tampering & suspicious behavior. Try it yourself with a free account: hubs.ly/Q04clrVl0

Forrester Research's Madelein van der Hout laid out what's at stake with the EU's Cyber Resilience Act. It's a big shift for software organizations for one. She stressed that it should not be seen as a roadblock — but as an accelerator instead. 👇 hubs.ly/Q04c6JYs0 w/ @forrester @paulfroberts

It’s no secret modern #AppDev relies on #OpenSource — what’s catching up is how teams secure it. RL’s free Spectra Assure Community helps teams make smarter decisions about the software they use and ship. 👇 hubs.ly/Q04c61670 #BinaryAnalysis

High-end AppSec isn’t just for the Fortune 500. Spectra Assure Community gives devs, AppSec teams & OSS maintainers pro-grade supply chain security insights — without the cost or complexity. Move beyond blind trust 👉 hubs.ly/Q04bZCmc0

Spectra Assure Community: why free, fast, and actionable risk assessments matter for modern developers and AppSec teams x.com/i/broadcasts/1…

⚠️ ClickFix attacks don’t exploit software — they exploit people. By tricking users into running malicious commands, they bypass defenses and evade detection. See how RL uses YARA to catch what AV misses: hubs.ly/Q04bfb5t0 #ThreatResearch #Cybersecurity #YARA #ThreatHunting

AI and open source risks are redefining the #AppSec threat landscape — and raising new challenges. Statistics you need to know via @ReversingLabs. hubs.ly/Q049SbXf0 #OpenSource #AI

Graphalgo fake recruiter campaign returns NK threat actors targeting crypto developers have respawned — with an LLC and new techniques to hide malware. ReversingLabs reversinglabs.com/blog/graphalgo… @ReversingLabs

🚨 Open source attacks aren’t slowing down. Join RL Threat Researchers for a Q1 2026 round-up covering TeamPCP/LightLLM/axios, Graphalgo, malicious VS Code extensions, and NuGet-based attacks. See how teams can detect OSS threats earlier: hubs.ly/Q04bb1jM0

🚨 New RL #ThreatResearch: The #Graphalgo fake developer recruiter interview campaign is back. RL researchers have uncovered a broader network of fake companies tied to this fake recruiter operation — plus new attacker techniques. Read what the RL research team found: hubs.ly/Q04b8HsC0

Here’s what’s coming with next-gen AI agents like Anthropic's Mythos — including the ‘vulnpocalypse’ — and what it means for your AppSec roadmap. 👇 hubs.ly/Q049_Rhb0

🏆 ReversingLabs has earned two new industry honors for Spectra Assure: • 2026 Cybersecurity Excellence Award • 2026 Gold Globee Award See why it’s setting the standard for #SoftwareSupplyChainSecurity 👇 hubs.ly/Q04b0gXH0

ReversingLabs is honored to sponsor @SINETConnection Silicon Valley on April 21 at the Computer History Museum. Join us for a day of thought leadership and connection with the cyber community 👇 hubs.ly/Q049TtNm0

AI and open source risks are redefining the #AppSec threat landscape — and raising new challenges. Here are the statistics you need to know. 👇 hubs.ly/Q049SbXf0 #OpenSource #AI #CyberSecurity

Couldn’t keep up with everything at #RSAC2026? Join @RSnake, @paulfroberts & @charlie_jones3 as they break down the security trends worth your attention: 🔍 AI security verification 📦 Supply chain transparency ⚠️ Commercial software risk 🎁 10 attendees get a free copy of RSnake's book, AI’s Best Friend 👇 hubs.ly/Q049Gp3F0