More than 100K sites impacted by Polyfill supply chain attack
The new Chinese owner tampers with the code of cdn.polyfill.io to inject malware targeting mobile devices.
Tom Abai is a security researcher at Mend.io. He is passionate about finding and addressing security incidents in the software supply chain area. In his free time, he likes to play CTF games and learn cool stuff regarding cybersecurity.
Discover how CVE-2024-3094 affects XZ Utils and enables SSH compromise. Get insights on detection, mitigation, and system security.
Discover the latest security threat as over 100 malicious packages target popular ML PyPI libraries. Learn about the attack methods.
Discover the latest threat in town - a new info-stealer variant using Electron to remain undetected. Learn about its attack flow.
Mend.io research discovered a threat actor takeover of the name 'gemnasium-gitlab-service', a retired Ruby gem with two million+ downloads.
Discover the threat of the 'Vibranced' npm package masquerading as 'Colors'. Learn about its stages of execution and obfuscation techniques.