What Risks Do You Run from Brandjacking, and How Do You Overcome Them?
Learn about the risks of brandjacking & how to overcome them with application security tools & practices. Protect your org from cyber threats.
What Cybersecurity Risks Does Typosquatting Pose, and How Can You Beat Them?
Find out what typosquatting is, why it is such a threat, and what you can do to stop it.
How Does SLSA Help Strengthen Software Supply Chain Security?
Learn how SLSA enhances software supply chain security with levels of protection. Understand the risks, benefits, and best practices.
Understanding the Anatomy of a Malicious Package Attack
Learn to protect your applications from malicious packages with our guide. Understand the anatomy of attacks and how to prevent them.
What’s Driving the Adoption of SBOMs? What’s Next for Them?
Discover what's driving the adoption of SBOMs and what's next for them in terms of malicious packages and supply chain security.
The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name
Mend.io research discovered a threat actor takeover of the name 'gemnasium-gitlab-service', a retired Ruby gem with two million+ downloads.
What are Malicious Packages? How Do They Work?
Learn about malicious packages and the growing threat they pose to software supply chains.
Deceptive ‘Vibranced’ npm Package Discovered Masquerading as Popular ‘Colors’ Package
Discover the threat of the 'Vibranced' npm package masquerading as 'Colors'. Learn about its stages of execution, obfuscation techniques.
Yandex Data Leak Triggers Malicious Package Publication
Discover how the Yandex data leak triggered malicious package publication, leading to supply chain security risks.
Malicious Code Deletes Directories If You Do Not Have a License
Discover how malicious code can delete directories if you don't have a license. Learn about supply chain security and license compliance.
To use rest_client, or to use rest-client, that is the question
Discover the risks of using rest_client versus rest-client in RubyGems. Learn how a recent attack was thwarted.
Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm
Stay informed about the latest supply chain security incident targeting npm users. Learn about the malicious packages and more.
Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked
dYdX, a popular cryptocurrency exchange, had its NPM account hacked in a supply chain attack. Learn how to protect against similar attacks.
Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code
Discover how encrypted JSON files are being used to hide malicious code. Learn about the latest security findings and how to protect your apps.
How to Conquer Remote Code Execution (RCE) in npm
Learn how to conquer Remote Code Execution (RCE) attacks in npm. Find out why npm is susceptible, the threats of RCE, and more.
3 Critical Best Practices of Software Supply Chain Security
Learn about the 3 critical best practices of software supply chain security to protect your organization from malicious packages.