Blog (Main)
SharePoint ‘ToolShell’ zero-day: What we know
Microsoft notified customers this past weekend regarding in-the-wild attacks targeting its SharePoint products following exploits of several vulnerabilities within the software ...
The true cost of CVEs: Why you need to shift beyond vulnerabilities
Lowering the risks that common vulnerabilities and exposures (CVEs) pose to organizations can be a costly endeavor — but shifting your team's focus away from the deluge can free up your software ...
Fully autonomous development is coming: Is your AppSec ready?
John P. Mello Jr. | AppSec & Supply Chain Security, Artificial Intelligence (AI)/Machine Learning (ML)
A trio of AI experts raised eyebrows earlier this year when they revealed their ambitious plans to use artificial intelligence (AI) tools to automate all white-collar jobs "as fast as possible." At ...
Vibe coding is seductive — but also a risk that requires security controls
Vibe coding is having its moment as the latest hyped-up AI technology, but busy enterprise development and security operations teams have to be aware of its risks ...
Announcing RL Spectra Analyze Version 9.5
Spectra Analyze v9.5 Release Highlights: RL Spectra Analyze empowers all levels of the SOC with a private, in-depth, malware analysis workbench. Analysts, incident responders, and threat hunters are enabled with distinct threat ...
Devs: Vet Your VS Code Plugins with Spectra Assure Community
The steady flow of news about malicious attacks on open source repositories like npm, PyPI, RubyGems and NuGet can be deceptive. Open source dependencies are only part of the software supply chain ...
Malicious pull request infects VS Code extension
In the last few months, ReversingLabs (RL) researchers have encountered multiple malicious packages that target cryptocurrency users and developers. In May, RL researcher Karlo Zanki wrote a blog about malicious PyPI packages ...
3CX’s Software Supply Chain Compromise: Lessons Learned
About two years after 3CX's supply chain compromise, the voice-over-IP vendor has remade its software development process and continuous delivery/continuous integration (CI/CD) pipeline to prioritize the security, integrity, and resilience of its ...
AI security tools and hype: Report breaks down key considerations
Jai Vijayan | AppSec & Supply Chain Security, Artificial Intelligence (AI)/Machine Learning (ML), security operations
The AI security landscape has become a maze of overlapping vendor claims and made-up categories, leaving organizations struggling to distinguish between products that can actually help and those that are just marketing ...

