• Platform
    Mend-io-logo-mark
    AI Native AppSec Platform Take a tour
    Fake vs code extension on npm spreads multi-stage malware - ai
    Mend AI Secure AI powered applications
    Mend sast icon
    Mend SAST Secure proprietary code 10x faster
    Mend container small icon
    Mend Container Container security done right
    Fake vs code extension on npm spreads multi-stage malware - sca
    Mend SCA Decrease open source risk
    Fake vs code extension on npm spreads multi-stage malware - renovate
    Mend Renovate Automate dependency updates
    Expand AppSec coverage
    Fake vs code extension on npm spreads multi-stage malware - dast icon 1 DAST Fake vs code extension on npm spreads multi-stage malware - apis icon 1 API security Fake vs code extension on npm spreads multi-stage malware - eol icon EOL support
    Platform Benefits
    Fake vs code extension on npm spreads multi-stage malware - repoi icon Repo integration Scalability-icon Scalability Fake vs code extension on npm spreads multi-stage malware - reachability icon Reachability
  • Solutions
    Ai models risk - nav bar icon
    AI app security Manage risks in AI models and agents
    Ai-red-teaming-icon-
    AI red teaming Test and secure conversational AI
    Fake vs code extension on npm spreads multi-stage malware - ai gen code security nav bar icon 36x36 1
    AI gen code security Real-time AI code security
    Sbom - nav bar icon
    SBOM Move from static to effective SBOMs
    Runtime-security-nav-bar-icon
    Dynamic testing Test for risks in running applications
    Code scanning - nav bar icon
    Code scanning Find and fix known vulnerabilities
    Open source license nav bar icon
    Open source security Prevent. Prioritize. Automate.
    Open source license - nav bar icon
    Open source compliance Risk management for OSS licenses
    Dependency updates - nav bar icon
    Dependency updates Reduced risk, better code
    Container security container security
    Container security Container security, simplified
  • Company
    About us - nav bar icon
    About us Who we are
    Careers nav bar icon
    Careers Join our team
    Partners - nav bar icon
    Partners Meet our partners
    Events - nav bar icon
    Events Upcoming events
    Newsroom - nav bar icon
    Newsroom The latest Mend.io news
    Contact-us nav bar icon
    Contact us Connect with us
  • Resources
    Resource center - nav bar icon
    Resource center View our latest resources
    Blog - nav bar icon
    Blog The latest AppSec news and insights
    Podcast-icon
    Podcast Insights from leading experts
    Customers - nav bar icon
    Customers View our customer case studies
    Integrations - nav bar icon
    Integrations Find your integration
    Langugages nav bar icon
    Languages Find your language
    Vulnerability database - nav bar icon
    Vulnerability database Mend.io's OSS vulnerability database
    Documentation - nav bar icon
    Documentation Product and feature documentation
    Featured
    Fake vs code extension on npm spreads multi-stage malware - featured image
    A CISO’s Guide to Securing AI from the Start
    Fake vs code extension on npm spreads multi-stage malware - practical guide to sast white paper image
    A Practical Guide to Making the Most of your SAST Investment
Schedule a Demo

Mend.io Blog

Npm supply chain attack: sophisticated multi-chain cryptocurrency drainer infiltrates popular packages
Tom Abai Sep 8, 2025

NPM Supply Chain Attack: Sophisticated Multi-Chain Cryptocurrency Drainer Infiltrates Popular Packages

LATEST
Learn more

Filter & Search

Fake vs code extension on npm spreads multi-stage malware - truffelvscode blog post

Fake VS Code Extension on npm Spreads Multi-Stage Malware

Tom Abai Feb 6, 2025
Malicious Packages

Learn about a fake VS-code extension on npm—truffelvscode—typosquatting the popular truffle for VS-code extension.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - owasp top 10 llm application vulnerabilities

2025 OWASP Top 10 for LLM Applications: A Quick Guide

Aurora Starita Feb 6, 2025
AI Models Risk

An overview of the top vulnerabilities affecting large language model (LLM) applications.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - mend sast ai remediation graphic

AI Powered Remediation: Mend SAST Performs +46% Better Than Competitors

Aurora Starita Jan 28, 2025
Application Security

See how Mend SAST's AI powered automated remediation eliminates vulnerabilities with speed & accuracy.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - jetbrains partnership blog

Mend.io and JetBrains Partner to Bring Enhanced Code Security to Developers

Mend.io Team Jan 21, 2025
Application Security

Announcing a partnership between Mend.io and JetBrains for IDE and Qodana.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - mend renovate enterprise cloud launch blog

Mend Renovate Enterprise Cloud: Dependency Updates at Scale

Mend.io Team Jan 15, 2025
Dependency Updates

Announcing the launch of our cloud-based solution for automated dependency updates.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - cvss3. 1 vs cvss4 blog

CVSS 3.1 vs CVSS 4.0: A Look at the Data

Aurora Starita Jan 13, 2025
Application Security

CVSS base scores are up in the latest version of the scoring system. What does that mean for AppSec practitioners?

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - cve critical race condition in apache tomcat blog

CVE-2024-50379: A Critical Race Condition in Apache Tomcat

Tom Abai Dec 19, 2024
Malicious Packages

An Apache Tomcat web server vulnerability has been published, exposing the platform to remote code execution through a race condition failure.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - backstage plugin announcement blog post

Mend.io – Backstage Integration: Bringing Security Insights Where You Need Them

Aurora Starita Dec 18, 2024
Application Security

Backstage offers wide views and controls across the development process and with the Mend.io plugin, deep insights into application risks overall or by project.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - solana supply chain security blog graphic

The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security

Tom Abai Dec 5, 2024
Malicious Packages

This post covers the attack flow, how it happened, and the importance of supply chain security.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - benefits of vex for sboms post

Benefits of VEX for SBOMs

Sarah Moglia Nov 26, 2024
Application Security

SBOMs alone are overwhelming. Learn how VEX adds context, highlighting real threats for efficient risk management.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - the software composition analysis software landscape q4 2024 post

Mend.io is a Strong Performer in the Forrester Wave™ Software Composition Analysis, Q4 2024

Mend.io Team Nov 13, 2024
Open Source Security

See why Mend.io is recognized as a Strong Performer in The Forrester Wave™ Software Composition Analysis (SCA) Q4 2024 report.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - infrastructure as code iac

Infrastructure as Code: Benefits, Tools & Best Practices

Mend.io Team Oct 29, 2024
DevSecOps

Learn about Infrastructure as Code (IaC) best practices, benefits, and tools.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - all about rag blog post

All About RAG: What It Is and How to Keep It Secure

Bar-El Tayouri Oct 24, 2024
AI Models Risk

Learn about retrieval-augmented generation, one complex AI system that developers are using.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - understanding software dependency package health post

Vital Signs of Software Dependencies: Understanding Package Health

Sarah Moglia Oct 15, 2024
Dependency Updates

Learn how package health data empowers developers to update safely and efficiently.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - blog its cybersecurity awareness month lets talk appsec

It‘s Cybersecurity Awareness Month-Let‘s Talk AppSec

Chris Lindsey Oct 14, 2024
Application Security

October is Cybersecurity Awareness Month. Learn how to protect your software and reduce risks with AppSec tips.

Read More Read More
Fake vs code extension on npm spreads multi-stage malware - cybersecurity awareness month blog post

Cybersecurity Awareness Month: AI Safety for Friends and Family

Sarah Moglia Oct 10, 2024
AI Models Risk

This blog is for your friends and family working outside of the security and technical industries.

Read More Read More
Previous
1 2 3 4 5 6 7 ... 33
Next

Subscribe to our Newsletter

Join our subscriber list to get the latest news and updates

Thanks for signing up! 

© 2025 Mend.io (White Source Ltd.) All rights reserved.