Malicious attack method on hosted ML models now targets PyPI

Threat Research
Artificial intelligence (AI) and machine learning (ML) are now inextricably linked to the software supply chain. ML models, which are based on large language models (LLMs), are powering the enterprise — and offer an infinite number of solutions to organizations’ mission-critical needs. The widespread and increasing use of generative AI ... Read More
Backdoor implant discovered on PyPI posing as debugging utility

Threat Research
Threat actors have all kinds of motivations for targeting open-source software (OSS) repositories like the Python Package Index (PyPI). Financial gain is one of them. As the ReversingLabs (RL) 2025 Software Supply Chain Security Report noted, there were close to two dozen software supply chain campaigns in 2024 alone that targeted ... Read More
Same name, different hack: PyPI package targets Solana developers

Threat Research
The ReversingLabs research team has written about the surge in recent years in software supply chain attacks that target cryptocurrency. RL’s 2025 Software Supply Chain Security Report documented 23 distinct malicious supply chain campaigns targeting cryptocurrency applications and infrastructure in 2024 alone. That trend continues. So far in 2025, RL researchers ... Read More
Malicious ML models discovered on Hugging Face platform

Threat Research
In the last few months, artificial intelligence (AI) has been popping up in all kinds of headlines, ranging from technical software developer websites to the Sunday comics. There’s no secret why. Given the recent explosion in the capabilities of large language models (LLMs) and generative AI, organizations are trying to find ... Read More
Compromised ultralytics PyPI package delivers crypto coinminer

Threat Research
Executive Summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics — which has almost 60 million downloads — was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project's build ... Read More
Malicious PyPI crypto pay package aiocpa implants infostealer code

Threat Research
Executive Summary: Last week, ReversingLabs’ machine learning-based threat hunting system detected malicious code in a legitimate-looking package, aiocpa, that was engineered to compromise cryptocurrency wallets. RL then reported the malicious package to the Python Package Index (PyPI) to be taken down, and the PyPI team then published their ... Read More
Fake recruiter coding tests target devs with malicious Python packages

Threat Research
ReversingLabs researchers have identified new, malicious software packages believed to be linked to a campaign, VMConnect, that our team first identified in August 2023 and which has ties to the North Korean hacking team Lazarus Group. The new samples were tracked to GitHub projects that have been linked to previous, ... Read More
Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs

Threat Research
ReversingLabs has been actively tracking a malicious campaign targeting the NuGet package manager since the beginning of August, 2023. This report presents the findings of that research, which shows how malicious actors are continuously improving their techniques and responding to disruption of their campaigns. Since the beginning of the campaign, threat ... Read More
Python downloader highlights noise problem in open source threat detection

Threat Research
ReversingLabs researchers recently discovered a malicious, open source package: xFileSyncerx on the Python Package Index (PyPI). The package, with close to 300 registered downloads, contained separate malicious “wiper” components. Is it an open source supply chain threat? Kind of. Further investigation by our team uncovered the fact that the downloader ... Read More
BIPClip: Malicious PyPI packages target crypto wallet recovery passwords

Threat Research
ReversingLabs has identified a new, malicious campaign consisting of seven different open source packages with 19 different versions on the Python Package Index (PyPI), with the oldest package dating back to December, 2022. The campaign's goal: to steal mnemonic phrases used to recover lost or destroyed crypto wallets. This is ... Read More