RL researchers detected a sophisticated, malicious package believed to be an ongoing campaign that may be linked to a hacktivist gang.

ReversingLabs researchers discovered more than 60 GitHub repositories that contain hundreds of trojanized files.

ReversingLabs provides tools to detect the CONTI ransomware family - a leading ransomware as a service outfit

The eslint-config-prettier package exposed more than 10,000 dependent projects. The incident highlights the growing risks in automated dependency updating.

RL has discovered a loophole on VS Code Marketplace that allows threat actors to reuse legitimate, removed package names for malicious purposes. 

RL researchers detected the first self-replicating worm that compromised npm packages with cloud token-stealing malware. Here's what you need to know.

RL's research team analyzed four RATs operated by STD Group, which yielded file indicators to better detect the malware families, plus two YARA rules.

The automation tool's Install-Module command presents threat actors with one key link in the kill chain of a possible attack.

Proving the road to takeover is paved with setuptools alternatives, the script for a popular Python package for building and installing PyPI packages leaves them vulnerable.