Threat Actor Deploys Malicious Packages Using Hex Encoding and Delayed Execution
Mend security has uncovered malicious packages using hex encoding and delayed execution.
From the factory floor to online shopping, the benefits of automation are clear: larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing...
Understand the types of Ruby supply chain attacks. Learn the best practices for preventing supply chain security risks in your Ruby projects.
Mend Supply Chain Defender detected and reported more than 1,300 malicious npm packages in 2021, and its researchers have developed this list of facts that are vital to understanding npm package security.
Mend Supply Chain Defender detects the new release of a package called @maui-mf/app-auth that used an attack vector similar to the server-side request forgery (SSRF) attack against Capital One in 2019.
A popular npm package with more than 7 million weekly downloads was compromised, bringing supply chain security into the headlines once again.