The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name
Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service’, a retired Ruby gem with two million+ downloads.
Tamir Ben Ari is a malware researcher at Mend.io specializing in software supply chain. Previously, he held the role of security researcher at Mend.io, which included detailed vulnerability research in open source libraries.