What New Security Threats Arise from The Boom in AI and LLMs?
Learn about the big threats that come with AI and LLM technology.
Choose Your Type
Choose Your Topic
Our Latest Content
What Developers Need to Succeed for Effective Application Security
Incorporate security into your development processes. Set your developers up for security success with these tips.
New ESG Research Report Outlines Best Practices for Effective Application Security Programs
Learn what the latest research says about why application security programs struggle and what you can do to strengthen your AppSec.
What Role Should Dependency Management Play as the Regulation of the Software Supply Chain Escalates?
Discover why and how dependency management has become more significant as regulation and governance of the software supply chain escalates.
Eight Considerations for Thwarting Malicious Packages
Discover eight key considerations to help you thwart the escalating threat of malicious packages and secure your software and applications.
Special Report: Malicious Packages
Learn more about the growing threat of malicious packages in this webinar with Jeanette Sherman, Sr. Product Marketing Manager - Mend.io.
What You Can Do to Stop Software Supply Chain Attacks
Discover the best practices you can employ to strengthen your software supply chain security.
There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected
See the attack flow of this new info-stealer Mend.io detected and how it can stay undetected by abusing trusted development tools like Electron.
What Risks Do You Run from Brandjacking, and How Do You Overcome Them?
What is brandjacking, why is it such a threat, and what role do AppSec security practices play in thwarting it?
What Cybersecurity Risks Does Typosquatting Pose, and How Can You Beat Them?
Find out what typosquatting is, why it is such a threat, and what you can do to stop it.
Malicious Package Trend Analysis
Join Rhys Arkins, Vice President of Product Management – Mend.io in this panel of application and software security experts as they discuss strategies for addressing the malicious packages threat vector.
Malicious Packages: A Growing Threat to the Software Supply Chain
In addition to the growing number of vulnerabilities, today’s security teams face the emerging challenge of malicious packages. Learn how to secure your applications with this White Paper.
How Does SLSA Help Strengthen Software Supply Chain Security?
Find out what SLSA is and how it contributes to software supply chain security.
Malicious Packages Special Report – Attacks Move Beyond Vulnerabilities
Join VP of Product Management, Jeff Martin and Principal Product Architect, Maciej Mensfeld as they dig into the findings from the Mend Malicious Packages Special Report.
Understanding the Anatomy of a Malicious Package Attack
Learn why malicious packages are a growing threat to application security, how they work, and what you can do to stop them
What’s Driving the Adoption of SBOMs? What’s Next for Them?
Discover two of the key drivers behind the demand and adoption of SBOMs: technical and legislative.
The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name
Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service', a retired Ruby gem with more than two million downloads. Existing projects that haven't updated their dependencies might unwittingly pull in this new version, assuming it's a continuation of the original. Given that the new gem is now controlled by an unknown entity, it could be altered to include malicious code or to perform undesirable actions.
What are Malicious Packages? How Do They Work?
Open source code package repositories allow anyone to store or publish packages, and unfortunately that can include packages containing malware. These are known as malicious packages. Read on to learn about what they are and how they work.
Deceptive ‘Vibranced’ npm Package Discovered Masquerading as Popular ‘Colors’ Package
A new malicious package named 'Vibranced' has been detected on the Node Package Manager (npm) repository and poses a significant threat to users who may unknowingly install it. The package has been carefully crafted to mimic the popular ‘colors’ package.
Special Report: Software Supply Chain Malware
Download this report to see why malicious packages are a growing threat.
Malicious Packages Special Report Reveals 315% Spike in Attacks
Research from Mend.io’s new Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities illustrates the growing threat of malicious packages, including a 315 percent increase in attacks from 2021 to 2022.
More Security. Less Tool Switching
Discover how integrating AppSec into your repository, like Bitbucket Cloud, can improve and simplify your application security.
Yandex Data Leak Triggers Malicious Package Publication
Learn about the risks posed by leaked code and malicious packages at Russian tech giant Yandex.
Open Source Risk Report
Download this free infographic for a quick overview of the Mend.io Open Source Risk Report results.
Malicious Code Deletes Directories If You Do Not Have a License
Mend researchers identify a new type of malicious code that deletes directories.
No Festive Break for Security as Attackers Target Almost 300 NPM Packages
Our team detected an attack on npm packages that utilized typosquatting to compromise nearly 300 NPM packages.
A Busy Weekend for npm Attacks, Including ‘cors’ Typosquatting
Over the past three days, the Mend research team identified two separate attacks that published malicious packages to npm: reverse remote shell as part of typosquatting attack on the popular ‘cors’ package, and an ATO attack on the “Just Eat” organization.
To use rest_client, or to use rest-client, that is the question
Mend Research uncovered an unusual attack in RubyGems that exploited a previously existing package with a significant number of downloads to launch a typosquatting attack.
Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm
Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign.
Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked
San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack detected by Mend Supply Chain Defender
Mining Malware History for Clues on Malicious Package Innovation
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
How to Conquer Remote Code Execution (RCE) in npm
Discover why npm is susceptible to RCE, why it’s such a serious threat, the characteristics of RCE in npm, what should be done to stop it, and how Mend Supply Chain Defender achieves this.
Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration
Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...
Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack
Mend Supply Chain Defender reported and blocked a massive dependency confusion attack involving a single author uploading 168 packages to npm.
3 Critical Best Practices of Software Supply Chain Security:
Understand how software supply chains work in large enterprises, discover the most important elements of software supply chain management, and how Mend can address them.