Tom Abai

Tom Abai

Tom Abai is a security researcher at Mend.io. He is passionate about finding and addressing security incidents in the software supply chain area. In his free time, he likes to play CTF’s games and learn cool stuff regarding cybersecurity.

More than 100K sites impacted by Polyfill supply chain attack

Tom Abai 1 Jul 2024

Malicious Packages

The new Chinese owner tampers with the code of cdn.polyfill.io to inject malware targeting mobile devices.

Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise 1

Dor Hayun, Tom Abai 31 Mar 2024

Malicious Packages

Discover how CVE-2024-3094 affects XZ Utils and enables SSH compromise. Get insights on detection, mitigation, and system security.

Over 100 Malicious Packages Target Popular ML PyPi Libraries

Tom Abai 28 Mar 2024

Malicious Packages

Discover the latest security threat as over 100 malicious packages target popular ML PyPi libraries. Learn about the attack methods.

What is LDAP Injection? Types, Examples and How to Prevent It

Tom Abai 21 Mar 2024

Developer

Learn what LDAP Injection is, its types, examples, and how to prevent it. Secure your applications against LDAP attacks.

There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected

Tom Abai 10 Aug 2023

Malicious Packages

Discover the latest threat in town – a new info-stealer variant using Electron to remain undetected. Learn about its attack flow.

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

Tamir Ben Ari, Tom Abai 31 May 2023

Dependency Updates

Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service’, a retired Ruby gem with two million+ downloads.

Deceptive ‘Vibranced’ npm Package Discovered Masquerading as Popular ‘Colors’ Package

Tom Abai 17 Apr 2023

Malicious Packages

Discover the threat of the ‘Vibranced’ npm package masquerading as ‘Colors’. Learn about its stages of execution, obfuscation techniques.

MEND PLATFORM

Expand AppSec Coverage

Featured

From Reactive to Effective: Building Application Security that Works

Enhance Supply Chain Security with Proactive SBOM Management

More than 100K sites impacted by Polyfill supply chain attack

Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise 1

Over 100 Malicious Packages Target Popular ML PyPi Libraries

What is LDAP Injection? Types, Examples and How to Prevent It

There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

Deceptive ‘Vibranced’ npm Package Discovered Masquerading as Popular ‘Colors’ Package

Subscribe to our Newsletter

Products

Solutions

Company

Resources

Connect

Developer Tools

MEND PLATFORM

Expand AppSec Coverage

Featured

From Reactive to Effective: Building Application Security that Works

Enhance Supply Chain Security with Proactive SBOM Management

<img width="150" height="150" decoding="async" class="afc-image" src="https://www.mend.io/wp-content/uploads/2024/07/Tom-Abai-150x150.png" alt="" loading="lazy" /> Tom Abai

More than 100K sites impacted by Polyfill supply chain attack

Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise 1

Over 100 Malicious Packages Target Popular ML PyPi Libraries

What is LDAP Injection? Types, Examples and How to Prevent It

There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

Deceptive ‘Vibranced’ npm Package Discovered Masquerading as Popular ‘Colors’ Package

Subscribe to our Newsletter

Products

Solutions

Company

Resources

Connect

Developer Tools

Tom Abai