Blog Maciej Mensfeld

RubyGems supply chain attack: malware used as a credential exfiltration dead drop - 20170623 Pivorak 001 e1630576965224
Maciej Mensfeld Principal Product Architect

Maciej Mensfeld writes mostly about Supply Chain Security and Open Source Software. He is the creator of the Diffend security platform. He has over 16 years of experience designing and building systems with performance, scaling, and quality in mind. He is an active OSS contributor and maintainer of various projects.
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - Featured image Rubygems attack 1000x650

RubyGems supply chain attack: malware used as a credential exfiltration dead drop

RubyGems supply chain attack: stolen credentials hidden in the registry.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - Mend securing RubyGems

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread

How Mend.io caught a coordinated RubyGems attack and what it teaches us.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - AI and AWS blog 1

Next-Gen Vulnerability Assessment: AWS Bedrock Claude in CVE Data Classification

Explore LLMs in cybersecurity research: analyzing vulnerability data, sifting through CVE information, and enhancing digital safety.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - what existing security threats do AI and LLMs amplify post

What Existing Security Threats Do AI and LLMs Amplify? What Can We Do About Them?

Learn about the existing security threats that AI and LLMs amplify and how to protect against them.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - what new security threats arise from the boom in ai and llms

What New Security Threats Arise from The Boom in AI and LLMs?

Explore the security threats arising from the boom in AI and LLMs, including data privacy, misinformation, and resource exhaustion.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - npm Massive Dependency Confusion Attack

Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm

Stay informed about the latest supply chain security incident targeting npm users. Learn about the malicious packages and more.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - npm Massive Dependency Confusion Attack

Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked

dYdX, a popular cryptocurrency exchange, had its NPM account hacked in a supply chain attack. Learn how to protect against similar attacks.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - How to Conquer Remote Code Execution RCE in npm

How to Conquer Remote Code Execution (RCE) in npm

Learn how to conquer Remote Code Execution (RCE) attacks in npm. Find out why npm is susceptible, the threats of RCE, and more.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - RubyGems Critical CVE 2022 29176

Impact Analysis: RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover 

Impact Analysis of RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover. Learn about the vulnerability, impact assessment, and more

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - How To Mitigate Ruby Supply Chain Security Risks

Best Practices For Managing Ruby Supply Chain Security Risks

Understand the types of Ruby supply chain attacks. Learn the best practices for preventing supply chain security risks in your Ruby projects.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - Five Critically Important Facts About npm Package Security

Five Critically Important Facts About npm Package Security

Learn about the five critical facts about npm package security, including how attackers exploit trust, default behaviors, and dependency hell.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - malicious package npm

A Malicious Package Found Stealing AWS AIM data on npm has Similarities To Capital One Hack

Discover how a malicious package found stealing AWS AIM data on npm has similarities to the Capital One hack. Learn about the threat.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - The Source series

Popular JavaScript Library ua-parser-js Compromised via Account Takeover

Popular JavaScript library ua-parser-js was compromised via account takeover, releasing malicious versions.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - The Source series

Securing Your Package Manager’s Lockfiles

Learn how to secure your package manager's lockfiles to protect your application from supply chain risks and ensure version consistency.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - The Source series

How Packages’ External Resources Threaten Your Supply Chain

Learn how external resources in packages can threaten your supply chain security, & discover ways to mitigate these risks to protect your org.

Read More
RubyGems supply chain attack: malware used as a credential exfiltration dead drop - The Source series

Supply Chain Security — 10 Tips That Won’t Slow Development Down

Learn how to protect your software development process from supply chain attacks with these 10 tips that won't slow down your development.

Read More

Subscribe to our Newsletter

Join our subscriber list to get the latest news and updates

Thanks for signing up!