Tom Abai

Tom Abai is a security researcher at Mend.io. He is passionate about finding and addressing security incidents in the software supply chain area. In his free time, he likes to play CTF’s games and learn cool stuff regarding cybersecurity.

Latest Content By Tom

More than 100K sites impacted by Polyfill supply chain attack

Tom Abai
July 1, 2024

The new Chinese owner tampers with the code of cdn.polyfill.io to inject malware targeting mobile devices.

CVE-2024-3094: Critical Backdoor Found In XZ Utils

Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise

Tom Abai
Dor Hayun
March 31, 2024

Discover how CVE-2024-3094 affects XZ Utils and enables SSH compromise. Get insights on detection, mitigation, and system security.

Over 100 Malicious Pkgs Target Popular ML Pypi Libraries

Over 100 Malicious Packages Target Popular ML PyPi Libraries

Tom Abai
March 28, 2024

Discover the latest security threat as over 100 malicious packages target popular ML PyPi libraries. Learn about the attack methods.

#Malicious Packages

There’s A New Stealer Variant In Town, And It’s Using Electron

There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected

Tom Abai
August 10, 2023

Discover the latest threat in town - a new info-stealer variant using Electron to remain undetected. Learn about its attack flow.

The Unseen Risks Of Open Source Dependencies

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

Tom Abai
Tamir Ben Ari
May 31, 2023

Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service', a retired Ruby gem with two million+ downloads.

Over 100 Malicious Pkgs Target Popular ML Pypi Libraries

Deceptive ‘Vibranced’ npm Package Discovered Masquerading as Popular ‘Colors’ Package

Tom Abai
April 17, 2023

Discover the threat of the 'Vibranced' npm package masquerading as 'Colors'. Learn about its stages of execution, obfuscation techniques.