The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name
Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service', a retired Ruby gem with two million+ downloads.
Latest Content By Tamir
Yandex Data Leak Triggers Malicious Package Publication
Discover how the Yandex data leak triggered malicious package publication, leading to supply chain security risks.
Malicious Code Deletes Directories If You Do Not Have a License
Discover how malicious code can delete directories if you don't have a license. Learn about supply chain security and license compliance.
A Busy Weekend for npm Attacks, Including ‘cors’ Typosquatting
Learn about recent npm supply chain attacks targeting the 'cors' package and the 'Just Eat' organization.
Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code
Discover how encrypted JSON files are being used to hide malicious code. Learn about the latest security findings and how to protect your apps.
Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration
Attacker floods npm with crypto-mining packages that mine Monero with default configuration. Learn about supply chain security and more.