Learn more about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...
In light of the Supreme Court decision in Dobbs versus Jackson Women’s Healthcare, which nullified the federal right to an abortion, we remain committed to protecting the rights of our employees. The health and well-being of our Mend team members are paramount to all that we do, and we do not take this news lightly. ...
In honor of Pride Month, two of our amazing employees share LGBTQ+ perspectives.
Discover the six steps to achieve zero trust in your application security and ensure that you can secure your application development quickly, early, and easily.
Mend Supply Chain Defender reported and blocked a massive dependency confusion attack involving a single author uploading 168 packages to npm.
Understand how software supply chains work in large enterprises, discover the most important elements of software supply chain management, and how Mend can address them.
Discover three great new GitHub features to strengthen your security and learn why dependency security is vital to safeguarding your code and data.
On June 6th, 2022, the Mend research team detected and flagged a malicious dependency confusion attack in npm exfiltrating Windows SAM and SYSTEM files.
After two years of virtual events, the Mend team was beyond excited to gather in San Francisco’s Moscone Center and connect with the tech community face to face. This year’s theme was ‘transformation,’ which couldn’t be more appropriate for us as we unveiled our new company name and integrated application security platform with automated remediation...
Learn about the importance of a cloud security architecture, the main risks you should consider when building it, and key principles to guide your work.
Mend announces integration of Supply Chain Defender (formerly Diffend) with JFrog Artifactory Plug-In.
Introducing the Mend Application Security Platform, which offers automated remediation for both open source and custom code.
Learn how Mend is bringing RSA 2022’s “transform” theme to life with its own transformation, what that means for customers, and what we’re anticipating from the conference.
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Understand the difference between vulnerability remediation and mitigation. Discover tools and an organizational process that can help you remediate vulnerabilities.
Mend security analyzed the possible impact of a newly discovered RubyGems vulnerability that uses cache poisoning to implement an unauthorized takeover of new gem versions.
Mend security team blocked a malicious npm package that uses a novel approach to disguise and execution.
Using data from Supply Chain Defender, the Mend research team conducted an impact analysis of a recent critical CVE disclosed for RubyGems.
Learn about the NIST C-SCRM program, its approach to supply chain security, and 4 critical best practices NIST recommends to secure your digital supply chains.
Discover why cybersecurity will be a hot topic at KubeCon 2022. Learn why standard vulnerability scoring is no longer sufficient, and find out why priority scoring is the future of vulnerability management.
On April 28 and April 30, respectively, Supply Chain Defender identified, blocked, and reported two packages we deemed were malicious versions of original Amazon Web Services (AWS) packages. Mend security experts have reached out to contacts at Amazon to notify them of our findings. This discovery may point to a new takeover method that targets...
Learn how vulnerability assessment tools work, key features and capabilities, and discover five great tools that can help you scan and remediate vulnerabilities.
Daniel Elkabes, lead security researcher at Mend sat down with CyberNews to discuss security best practices for addressing threats.
Learn about supply chain security, supply chain attacks, and how to protect your organization against this severe threat.
Mend security has uncovered malicious packages using hex encoding and delayed execution
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Learn 3 best practices for effective remediation of the Spring4Shell zero-day vulnerability.
From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing...
CVE-2022-22965, a zero-day RCE vulnerability known as Spring4Shell, has been found in the popular Spring framework for Java apps.
Learn how to set a benchmark of false positives with SAST tools. Know how to measure the success of SAST tools. Understand how Mend SAST Helps.
Discover the top Static Application Security Testing (SAST) solutions, their key features, and what makes a great SAST tool.
Learn the effects of SAST false positives. Know their common causes. Understand how to address them without sacrificing software quality and security.
Understand the types of Ruby supply chain attacks. Learn the best practices for preventing supply chain security risks in your Ruby projects.
Learn how to implement a software supply chain risk management strategy in your enterprise. Discover risk management best practices, benefits, and more.
Both SAST and SCA tools address software vulnerabilities, while SCA covers open source code and SAST covers proprietary. Here are 7 main differences between these two.