Maciej Mensfeld, Author at Mend

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread - 20170623 Pivorak 001 e1630576965224

Maciej Mensfeld Principal Product Architect

Maciej Mensfeld writes mostly about Supply Chain Security and Open Source Software. He is the creator of the Diffend security platform. He has over 16 years of experience designing and building systems with performance, scaling, and quality in mind. He is an active OSS contributor and maintainer of various projects.

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread

Maciej Mensfeld May 14, 2026

Malicious Packages

How Mend.io caught a coordinated RubyGems attack and what it teaches us.

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread - AI and AWS blog 1

Next-Gen Vulnerability Assessment: AWS Bedrock Claude in CVE Data Classification

Maciej Mensfeld Jul 30, 2024

AI Models Risk

Explore LLMs in cybersecurity research: analyzing vulnerability data, sifting through CVE information, and enhancing digital safety.

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread - what existing security threats do AI and LLMs amplify post

What Existing Security Threats Do AI and LLMs Amplify? What Can We Do About Them?

Maciej Mensfeld Jan 18, 2024

AI Models Risk

Learn about the existing security threats that AI and LLMs amplify and how to protect against them.

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread - what new security threats arise from the boom in ai and llms

What New Security Threats Arise from The Boom in AI and LLMs?

Maciej Mensfeld Nov 15, 2023

AI Models Risk

Explore the security threats arising from the boom in AI and LLMs, including data privacy, misinformation, and resource exhaustion.

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread - npm Massive Dependency Confusion Attack

Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm

Maciej Mensfeld Oct 2, 2022

Malicious Packages

Stay informed about the latest supply chain security incident targeting npm users. Learn about the malicious packages and more.

Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked

Maciej Mensfeld Sep 23, 2022

Malicious Packages

dYdX, a popular cryptocurrency exchange, had its NPM account hacked in a supply chain attack. Learn how to protect against similar attacks.

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread - How to Conquer Remote Code Execution RCE in npm

How to Conquer Remote Code Execution (RCE) in npm

Maciej Mensfeld Jul 19, 2022

Malicious Packages

Learn how to conquer Remote Code Execution (RCE) attacks in npm. Find out why npm is susceptible, the threats of RCE, and more.

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread - RubyGems Critical CVE 2022 29176

Impact Analysis: RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover

Maciej Mensfeld May 10, 2022

Malicious Packages

Impact Analysis of RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover. Learn about the vulnerability, impact assessment, and more

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread - Five Critically Important Facts About npm Package Security

Five Critically Important Facts About npm Package Security

Maciej Mensfeld Feb 8, 2022

Open Source Security

Learn about the five critical facts about npm package security, including how attackers exploit trust, default behaviors, and dependency hell.

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread - malicious package npm

A Malicious Package Found Stealing AWS AIM data on npm has Similarities To Capital One Hack

Maciej Mensfeld Feb 2, 2022

Malicious Packages

Discover how a malicious package found stealing AWS AIM data on npm has similarities to the Capital One hack. Learn about the threat.

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread - The Source series

Popular JavaScript Library ua-parser-js Compromised via Account Takeover

Maciej Mensfeld Oct 22, 2021

Open Source Security

Popular JavaScript library ua-parser-js was compromised via account takeover, releasing malicious versions.

Securing Your Package Manager’s Lockfiles

Maciej Mensfeld Sep 2, 2021

DevSecOps

Learn how to secure your package manager's lockfiles to protect your application from supply chain risks and ensure version consistency.

How Packages’ External Resources Threaten Your Supply Chain

Maciej Mensfeld Jul 15, 2021

Malicious Packages

Learn how external resources in packages can threaten your supply chain security, & discover ways to mitigate these risks to protect your org.

Supply Chain Security — 10 Tips That Won’t Slow Development Down

Maciej Mensfeld Jun 10, 2021

Software Supply Chain

Learn how to protect your software development process from supply chain attacks with these 10 tips that won't slow down your development.

Three New Supply Chain Attack Methods You Should Be Aware Of

Maciej Mensfeld May 3, 2021

Software Supply Chain

Learn about Imposter Library, Brandjacking, and Security Research Smokescreen methods. Stay informed on the latest supply chain attack methods.

Maciej Mensfeld Principal Product Architect

Subscribe to our Newsletter

Compare by AppSec