⚠️ #ML devs, take note: RL threat researchers have identified nullifAI, a novel attack technique used on ML models hosted on #HuggingFace.

Another package belonging to the same campaign is solana-web3.js (. It functions the same as the previous packages, but impersonates the legitimate #npm package [@]solana/web3.js, & the malicious function is executed when the function getBalance is used.

RL is excited to announce our integration with @GlasswallCDR, a leader in #ZeroTrust file protection! This collab enhances risk mitigation by leveraging RL's 40 bn known goodware & #malware samples alongside Glasswall's advanced #CDR.

RT @Jhaddix: Great analysis and article by @ReversingLabs Combining a different zip format (7zip) and hiding malicious code in a pickle f…

Learn how RL's Advanced #MalwareAnalysis can help your organization move beyond the #sandbox to better guard against malicious files.

RT @ap0x: The @ReversingLabs #ThreatResearch team discovered #nullifAI, a novel attack technique used on an #ML model hosted on #HuggingFa…

"trufflevscode" is referenced in the dependencies & is required in the main script of the extension. It uses obfuscated #JavaScript code to download & execute the second stage payload. Details:

💡 New from RL Blog: Here's what your #AppSec team needs to know about the relationship between @CISAgov's Secure By Design/Secure By Default - and why you need both. #SoftwareSupplyChainSecurity

RT @helpnetsecurity: Cybersecurity jobs available right now: February 4, 2025 - - @Infoblox @RChilli @Kent_Energy @…

#IdentityManagement is essential for security, but #AI is bringing a lot more non-humans into the mix. The new @OWASP NHI Top 10 calls attention to this.👇

⚔️ #AI can improve #cybersecurity outcomes, but it also represents an entirely new threat landscape. Upgrade your security strategy — & tooling — for the AI age, ft. insights from @ProtectToEnable.👇

At the time of discovery, command in the #GitHub Gist wasn't malicious. The package is no longer present on #npm. #SoftwareSupplyChainSecurity #OSS

BSIMM15 emphasizes traditional #AppSec practices — but those are no match for modern software supply chain attacks & the threat from #AI/#ML. Here's what you need to know.👇