Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
Choose Your Type
Choose Your Topic
Our Latest Blog Posts
How attackers leverage example apps/reproduction scripts to attack OSS maintainers
Discover how attackers can leverage example apps/reproduction scripts to attack OSS maintainers, why this is such a serious threat, and how to stop them
How to Conquer Remote Code Execution (RCE) in npm
Discover why npm is susceptible to RCE, why it’s such a serious threat, the characteristics of RCE in npm, what should be done to stop it, and how Mend Supply Chain Defender achieves this.
Three Big Myths About Application Testing With SAST Tools
Learn to differentiate between myths and facts in application testing with SAST security tools. Know how to adopt a successful SAST strategy.
A Brief Guide to Cloud-Native Applications, Technology, and Security
Understand cloud native applications, the technology behind them, and their and security - why it’s important and how it relates to safeguarding cloud native applications
Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration
Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...
Statement from Mend on the U.S. Supreme Court Decision
In light of the Supreme Court decision in Dobbs versus Jackson Women’s Healthcare, which nullified the federal right to an abortion, we remain committed to protecting the rights of our employees. The health and well-being of our Mend team members are paramount to all that we do, and we do not take this news lightly. ...
Pride 2022: Supporting LGBTQ+ in Tech
In honor of Pride Month, two of our amazing employees share LGBTQ+ perspectives.
Six Steps to Achieve Zero Trust in Application Security
Discover the six steps to achieve zero trust in your application security and ensure that you can secure your application development quickly, early, and easily.
Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack
Mend Supply Chain Defender reported and blocked a massive dependency confusion attack involving a single author uploading 168 packages to npm.
3 Critical Best Practices of Software Supply Chain Security:
Understand how software supply chains work in large enterprises, discover the most important elements of software supply chain management, and how Mend can address them.
3 New GitHub Features to Reinforce Your Code, Repo, and Dependency Security
Discover three great new GitHub features to strengthen your security and learn why dependency security is vital to safeguarding your code and data.