Blog Maciej Mensfeld

Maciej Mensfeld

Maciej Mensfeld writes mostly about Supply Chain Security and Open Source Software. He is the creator of the Diffend security platform. He has over 16 years of experience designing and building systems with performance, scaling, and quality in mind. He is an active OSS contributor and maintainer of various projects.

Next-Gen Vulnerability Assessment: AWS Bedrock Claude in CVE Data Classification

Explore LLMs in cybersecurity research: analyzing vulnerability data, sifting through CVE information, and enhancing digital safety.

Read More

What Existing Security Threats Do AI and LLMs Amplify? What Can We Do About Them?

Learn about the existing security threats that AI and LLMs amplify and how to protect against them.

Read More

What New Security Threats Arise from The Boom in AI and LLMs?

Explore the security threats arising from the boom in AI and LLMs, including data privacy, misinformation, and resource exhaustion.

Read More

Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm

Stay informed about the latest supply chain security incident targeting npm users. Learn about the malicious packages and more.

Read More

Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked

dYdX, a popular cryptocurrency exchange, had its NPM account hacked in a supply chain attack. Learn how to protect against similar attacks.

Read More

How to Conquer Remote Code Execution (RCE) in npm

Learn how to conquer Remote Code Execution (RCE) attacks in npm. Find out why npm is susceptible, the threats of RCE, and more.

Read More

Impact Analysis: RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover 

Impact Analysis of RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover. Learn about the vulnerability, impact assessment, and more

Read More

Five Critically Important Facts About npm Package Security

Learn about the five critical facts about npm package security, including how attackers exploit trust, default behaviors, and dependency hell.

Read More

A Malicious Package Found Stealing AWS AIM data on npm has Similarities To Capital One Hack

Discover how a malicious package found stealing AWS AIM data on npm has similarities to the Capital One hack. Learn about the threat.

Read More

Popular JavaScript Library ua-parser-js Compromised via Account Takeover

Popular JavaScript library ua-parser-js was compromised via account takeover, releasing malicious versions.

Read More

Securing Your Package Manager’s Lockfiles

Learn how to secure your package manager’s lockfiles to protect your application from supply chain risks and ensure version consistency.

Read More

How Packages’ External Resources Threaten Your Supply Chain

Learn how external resources in packages can threaten your supply chain security, & discover ways to mitigate these risks to protect your org.

Read More

Supply Chain Security — 10 Tips That Won’t Slow Development Down

Learn how to protect your software development process from supply chain attacks with these 10 tips that won’t slow down your development.

Read More

Three New Supply Chain Attack Methods You Should Be Aware Of

Learn about Imposter Library, Brandjacking, and Security Research Smokescreen methods. Stay informed on the latest supply chain attack methods.

Read More

Subscribe to our Newsletter

Join our subscriber list to get the latest news and updates

Thanks for signing up!