3CX’s Software Supply Chain Compromise: Lessons Learned

About two years after 3CX's supply chain compromise, the voice-over-IP vendor has remade its software development process and continuous integration/continuous delivery (CI/CD) pipeline to prioritize the security, integrity, and resilience of its published code. ReversingLabs (RL) has been a part of that transformation. Here's a look at 3CX’s supply chain ...
Malicious python packages target popular Bitcoin library

When it comes to the frequency and sophistication of software supply chain attacks, few industries can compare with the cryptocurrency industry. As RL’s 2025 Software Supply Chain Security Report notes: In 2024, there were close to two dozen sustained supply chain campaigns designed to compromise cryptocurrency applications, crypto owners’ wallets ...
Less malware, more risk: The changing face of open-source security

The ReversingLabs research team found some good news when it comes to the security of open-source software (OSS): Incidents of malware lurking on OSS repositories dropped dramatically in 2024, data from RL’s "2025 Software Supply Chain Security Report" shows. But there's bad news too. Despite the decline in malware, software ...
Hidden threats lurk in commercial software: How to manage risk

Your IT department just received notice that your network switches received a signed OS update that included feature improvements and fixes for security vulnerabilities. That’s good news, right? ...
OSS in the crosshairs: Cryptomining hacks highlight key new threat

A dozen packages associated with the popular, open source projects rspack and vant were compromised this week by threat actors who implanted malicious, crypto-mining code in packages with hundreds of thousands of weekly downloads. ...
Malware found in Solana npm library raises the bar for crypto security

Unknown malicious actors compromised an open source library affiliated with the Solana blockchain platform, putting untold numbers of cryptocurrency platforms and individual wallets at risk of theft ...
Researcher Alon Leviev on Windows Downgrade Attacks

Downgrade attacks open patched systems to malware

A new report by the former SafeBreach researcher Alon Leviev is raising alarms about the risks posed by downgrade attacks on Microsoft Windows. In a blog post, Leviev, who now works for Microsoft, explained that his latest bypass could allow a malicious actor to load unsigned kernel drivers on a ...
SEC action raises the bar on software transparency

The U.S. Securities and Exchange Commission (SEC) recently announced fines amounting to nearly $7 million for violations of financial disclosure rules in the wake of the SunBurst attack on SolarWinds. ...
Hacker Summer Camp: Reboot needed to tackle software supply chain threats

“Everything under heaven is in chaos. The situation is excellent!” That is how Mao Zedong, the chairman of China's Communist party, read the state of affairs in China in the early 1960s. As they weigh huge shifts in the number and nature of cyberthreats and contemplate substantial changes in their ...