Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service’, a retired Ruby gem with two million+ downloads.
Discover how the Yandex data leak triggered malicious package publication, leading to supply chain security risks.
Discover how malicious code can delete directories if you don’t have a license. Learn about supply chain security and license compliance.
Discover how encrypted JSON files are being used to hide malicious code. Learn about the latest security findings and how to protect your apps.
Discover how a single author uploaded 168 malicious npm packages in a dependency confusion attack. Learn how Mend blocked these threats.
Discover the latest typosquatting attack on the npm package ‘colors’ using a cross-language technique.
Discover how AWS was targeted by a malicious package backfill attack, the methods used by attackers, and how to protect against such attacks.
Learn why automated software supply chain attacks are a growing threat. Discover how to protect your org from malicious npm packages.