Mend.io + Jira Security: Doing DevSecOps Better Together
Learn how Mend.io integration enhancements for Jira Security build seamless adoption and collaborative DevSecOps.
Choose Your Type
Choose Your Topic
Our Latest Content
What are Malicious Packages? How Do They Work?
Open source code package repositories allow anyone to store or publish packages, and unfortunately that can include packages containing malware. These are known as malicious packages. Read on to learn about what they are and how they work.
RSA Conference 2023: Key Takeaways From Our Five Favorite Sessions
Key takeaways from five of the more noteworthy sessions we attended at RSA 2023.
RSA is Almost Here and We Have Thoughts
Read on to hear our predictions on the hot topics at RSA this year, and what Mend.io will be up to at the show.
Malicious Packages Special Report Reveals 315% Spike in Attacks
Research from Mend.io’s new Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities illustrates the growing threat of malicious packages, including a 315 percent increase in attacks from 2021 to 2022.
Key Considerations for Building a Successful Cloud Security Program
Discover what the key considerations are for building a successful cloud security, according to a recent panel discussion attended by Mend’s Jack Marsal.
The Five Key Principles of Modern Application Security
Learn the five key principles of modern application security and why they’re so vital.
Will Biden’s National Cybersecurity Strategy Trigger AppSec Change?
New Biden Cybersecurity Strategy Assigns Responsibility to Tech Firms
Just Who Exactly Should Take Responsibility for Application Security?
Learn who should take responsibility for application security, according to Mend VP of Product Management Jeffrey Martin.
Yandex Data Leak Triggers Malicious Package Publication
Learn about the risks posed by leaked code and malicious packages at Russian tech giant Yandex.
Software and AppSec Challenges and Opportunities in Banking and Fintech — Part Two
Part two of three blogs in a series that focuses on the challenges, opportunities and solutions for software and application security in banking and fintech.
Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
Software and AppSec Challenges and Opportunities in Banking and Fintech — Part One
Experts from Mend, FINOS, the Linux Foundation and Morgan Stanley discuss the challenges and opportunities of software and application security in banking and fintech. Part one of three.
Malicious Code Deletes Directories If You Do Not Have a License
Mend researchers identify a new type of malicious code that deletes directories.
Mend’s Trends for 2023
Several Mend experts offer insight into what they expect to see in 2023 – and some ideas on how to prepare.
Introducing the Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
Modern Application Security Needs More Than Tech. Don’t Neglect Governance
Learn why teams that pay attention to governance by using a CSIRP are more successful at combating the continued growth of cyberattacks.
DevSecOps: A Comprehensive Guide to Securely Managing Your DevOps Workflow
Get to know all about DevSecOps and the main tools and practices that organizations should adopt in order to implement a DevSecOps pipeline.
Top Three User Priorities for Software Composition Analysis
On the PeerSpot technology review site, reviews from Mend SCA users highlighted the three top priorities that SCA users generally want: ease of use, risk mitigation, and a strong feature set and integration capabilities.
Advisory: New OpenSSL Critical Security Vulnerability
What we know about the new OpenSSL critical security vulnerability.
Meticulous Prep and Planning–A Linchpin of Modern AppSec Programs
Explaining the first principle of modern application security programs: meticulous prep and planning.
Six Golden Rules for Software and Application Security
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security
Are You CODEfident?
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm
Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign.
Building a Modern Application Security Strategy for an App-Run World
As a foundational element of the online world, applications are a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To adapt and defend against our constantly evolving threat landscape, organizations need to build a modern AppSec strategy based on today’s digital world. Join Jeffrey Martin, VP of Outbound Product...
Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked
San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack detected by Mend Supply Chain Defender
How Manufacturing Companies can Safeguard Software and Assure Robust Quality and Compliance
Software and application security and compliance can have an impact on traditional manufacturing businesses, especially those working at scale. Learn why, and how Mend has helped the manufacturer, Kärcher, meet these challenges.
White House Issues New Guidelines on Software Supply Chain Security – What Are the Challenges and Possible Outcomes?
The White House and the Executive Office of the President of the U.S, issued a memorandum of guidelines to enhance the security of the software supply chain through secure software development practices. Discover what their key points are, why they've been introduced, and how they might shape the future of cybersecurity.
Why Cybersecurity Must Mend Its Ways To Thwart Modern Threats
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
Mining Malware History for Clues on Malicious Package Innovation
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
Mend API Helps Make SBOMs Simple
Discover how Mend has accelerated and automated the production of SBOMs with an API
Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration
Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...
3 Critical Best Practices of Software Supply Chain Security:
Understand how software supply chains work in large enterprises, discover the most important elements of software supply chain management, and how Mend can address them.
A Weaponized npm Package ’@core-pas/cyb-core’ Proclaimed Pentesting Related
On June 6th, 2022, the Mend research team detected and flagged a malicious dependency confusion attack in npm exfiltrating Windows SAM and SYSTEM files.
Introducing Mend Supply Chain Defender Integration with JFrog Artifactory
Mend announces integration of Supply Chain Defender (formerly Diffend) with JFrog Artifactory Plug-In.