ReversingLabs’ 2025 Software Supply Chain Security Report finds that security flaws in commercial and open source code are epidemic as hackers target supply chains including those for cryptocurrency and AI in a play for access to sensitive data and IT assets.
NPM
Researcher: malicious packages lurked on npm for months
Researchers at ReversingLabs said they discovered two npm open source packages that contained malicious code linked to open source malware known as TurkoRat.
Episode 248: GitHub’s Jill Moné-Corallo on Product Security And Supply Chain Threats
In this episode of the Security Ledger Podcast, Paul speaks with Jill Moné-Corallo, the Director of Product Security Engineering Response at GitHub. Jill talks about her journey from a college stint working at Apple’s Genius Bar to the information security space – first in product security at Apple and now at GitHub, a massive development platform that is increasingly in the crosshairs of sophisticated cyber criminals and nation-state actors.
Critical Flaw Found In Widely Used Netmask Open Source Module
An IP address parsing flaw in the netmask NPM module affects hundreds of thousands of applications that rely on it. But that may be just the tip of the iceberg, researchers warn.
Exploitable Flaw in NPM Private IP App Lurks Everywhere, Anywhere
A serious security flaw in a commonly used npm security module, private-ip, may affect hundreds of thousands of private and public applications.