Malicious Packages

Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code

Tamir Ben Ari Aug 2, 2022

Malicious Packages

Discover how encrypted JSON files are being used to hide malicious code. Learn about the latest security findings and how to protect your apps.

How to Conquer Remote Code Execution (RCE) in npm

Maciej Mensfeld Jul 19, 2022

Malicious Packages

Learn how to conquer Remote Code Execution (RCE) attacks in npm. Find out why npm is susceptible, the threats of RCE, and more.

3 Critical Best Practices of Software Supply Chain Security

Tiffany Jennings Jun 20, 2022

Software Supply Chain

Learn about the 3 critical best practices of software supply chain security to protect your organization from malicious packages.

New Typosquatting Attack on npm Package ’colors’ Using Cross language Technique Explained

Maria Korlotian, Tamir Ben Ari May 12, 2022

Malicious Packages

Discover the latest typosquatting attack on the npm package 'colors' using a cross-language technique.

Impact Analysis: RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover

Maciej Mensfeld May 10, 2022

Malicious Packages

Impact Analysis of RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover. Learn about the vulnerability, impact assessment, and more

A Malicious Package Found Stealing AWS AIM data on npm has Similarities To Capital One Hack

Maciej Mensfeld Feb 2, 2022

Malicious Packages

Discover how a malicious package found stealing AWS AIM data on npm has similarities to the Capital One hack. Learn about the threat.

Welcome to Mend, Diffend!

Rhys Arkins Apr 20, 2021

Malicious Packages

Mend welcomes Diffend, an innovative software supply chain security service, to improve open source risk management.

Mend.io Malicious Packages