Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
Choose Your Type
Choose Your Topic
Our Latest Content
How attackers leverage example apps/reproduction scripts to attack OSS maintainers
Discover how attackers can leverage example apps/reproduction scripts to attack OSS maintainers, why this is such a serious threat, and how to stop them
How to Conquer Remote Code Execution (RCE) in npm
Discover why npm is susceptible to RCE, why it’s such a serious threat, the characteristics of RCE in npm, what should be done to stop it, and how Mend Supply Chain Defender achieves this.
Three Big Myths About Application Testing With SAST Tools
Learn to differentiate between myths and facts in application testing with SAST security tools. Know how to adopt a successful SAST strategy.
Closing the Gap: Reducing Enterprise AppSec Risks Without Disrupting Deadlines
Join our webinar to discover how you can use just one interface to find and fix open source and proprietary code security issues, and how to reduce the time it takes to fix issues, so no time is wasted researching.
A Brief Guide to Cloud-Native Applications, Technology, and Security
Understand cloud native applications, the technology behind them, and their and security - why it’s important and how it relates to safeguarding cloud native applications
Forrester: The State Of Application Security, 2022
Application security teams face myriad challenges in 2022. Applications are once again the number one way in for malicious actors, and software supply chain vulnerabilities continue to climb. To move forward effectively, security professionals need to find a way to move beyond a tactical and reactive mindset to rebuild an application security that integrates tightly...
Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration
Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...
Statement from Mend on the U.S. Supreme Court Decision
In light of the Supreme Court decision in Dobbs versus Jackson Women’s Healthcare, which nullified the federal right to an abortion, we remain committed to protecting the rights of our employees. The health and well-being of our Mend team members are paramount to all that we do, and we do not take this news lightly. ...
Pride 2022: Supporting LGBTQ+ in Tech
In honor of Pride Month, two of our amazing employees share LGBTQ+ perspectives.
Six Steps to Achieve Zero Trust in Application Security
Discover the six steps to achieve zero trust in your application security and ensure that you can secure your application development quickly, early, and easily.
Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack
Mend Supply Chain Defender reported and blocked a massive dependency confusion attack involving a single author uploading 168 packages to npm.