WhiteSource is Now Mend: You Code, We Cure
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Choose Your Type
Choose Your Topic
Our Latest Blog Posts
Vulnerability Remediation: A Practical Guide
Understand the difference between vulnerability remediation and mitigation. Discover tools and an organizational process that can help you remediate vulnerabilities.
Impact Analysis: CVE-2022-29218, Allows Unauthorized Takeover of New Gem Versions via Cache Poisoning
WhiteSource security analyzed the possible impact of a newly discovered RubyGems vulnerability that uses cache poisoning to implement an unauthorized takeover of new gem versions.
New Typosquating Attack on npm Package ‘colors’ Using Cross language Technique Explained
Mend security team blocked a malicious npm package that uses a novel approach to disguise and execution.
Impact Analysis: RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover
Using data from Diffend, the Mend research team conducted an impact analysis of a recent critical CVE disclosed for RubyGems.
What is the NIST Supply Chain Risk Management Program?
Learn about the NIST C-SCRM program, its approach to supply chain security, and 4 critical best practices NIST recommends to secure your digital supply chains.
Why Vulnerability Management Must Go Beyond CVSS to Priority Scoring
Discover why cybersecurity will be a hot topic at KubeCon 2022. Learn why standard vulnerability scoring is no longer sufficient, and find out why priority scoring is the future of vulnerability management.
AWS Targeted by a Package Backfill Attack
On April 28 and April 30, respectively, Mend Diffend identified, blocked, and reported two packages we deemed were malicious versions of original Amazon Web Services (AWS) packages. Whitesource security experts have reached out to contacts at Amazon to notify them of our findings. This discovery may point to a new takeover method that targets packages...
5 Vulnerability Assessment Scanning Tools: 5 Solutions Compared
Learn how vulnerability assessment tools work, key features and capabilities, and discover five great tools that can help you scan and remediate vulnerabilities.
Cybernews/ Mend: It’s No Longer a Matter of ‘If’, but ‘When’ an Organization Will Be Targeted by Threat Actors
Daniel Elkabes, lead security researcher at Mend sat down with CyberNews to discuss security best practices for addressing threats.
Software Supply Chain Security: The Basics and Four Critical Best Practices
Learn about supply chain security, supply chain attacks, and how to protect your organization against this severe threat.
Threat Actor Deploys Malicious Packages Using Hex Encoding and Delayed Execution
Mend security has uncovered malicious packages using hex encoding and delayed execution