Malicious Packages

More than 100K sites impacted by Polyfill supply chain attack

July 1st, 2024 Lisa Haas

The new Chinese owner tampers with the code of cdn.polyfill.io to inject malware targeting mobile devices.

Over 100 Malicious Pkgs Target Popular ML Pypi Libraries

Over 100 Malicious Packages Target Popular ML PyPi Libraries

March 28th, 2024 Ron Sigalov

Discover the latest security threat as over 100 malicious packages target popular ML PyPi libraries. Learn about the attack methods.

What New Security Threats Arise From The Boom In AI & LLMs?

What New Security Threats Arise from The Boom in AI and LLMs?

November 15th, 2023 Angelika Skrobot

Explore the security threats arising from the boom in AI and LLMs, including data privacy, misinformation, and resource exhaustion.

What Role Should Dependency Management Play as the Regulation of the Software Supply Chain Escalates?

September 26th, 2023 Adam Murray

Discover the importance of dependency management in securing the software supply chain as regulations escalate.

Eight Considerations For Thwarting Malicious Packages

8 Considerations for Thwarting Malicious Packages

August 29th, 2023 Rhys Arkins

Learn how to protect your code from malicious packages with these eight considerations. Stay ahead of supply chain security threats.

What You Can Do to Stop Software Supply Chain Attacks

August 24th, 2023 Angelika Skrobot

Learn how to stop software supply chain attacks with SBOMs, best practices, and prioritizing known vulnerabilities. Protect your software.

There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected

August 10th, 2023 Ron Sigalov

Discover the latest threat in town – a new info-stealer variant using Electron to remain undetected. Learn about its attack flow.

What Risks Do You Run from Brandjacking, and How Do You Overcome Them?

August 1st, 2023 Adam Murray

Learn about the risks of brandjacking & how to overcome them with application security tools & practices. Protect your org from cyber threats.

Cybersecurity Risks Typosquatting Poses And How To Beat Them

What Cybersecurity Risks Does Typosquatting Pose, and How Can You Beat Them?

July 27th, 2023 Adam Murray

Find out what typosquatting is, why it is such a threat, and what you can do to stop it.

How Does SLSA Help Strengthen Software Supply Chain Security?

July 7th, 2023 Adam Murray

Learn how SLSA enhances software supply chain security with levels of protection. Understand the risks, benefits, and best practices.

Understanding the Anatomy of a Malicious Package Attack

June 13th, 2023 Angelika Skrobot

Learn to protect your applications from malicious packages with our guide. Understand the anatomy of attacks and how to prevent them.

What’s Driving the Adoption of SBOMs? What’s Next for Them?

June 1st, 2023 Angelika Skrobot

Discover what’s driving the adoption of SBOMs and what’s next for them in terms of malicious packages and supply chain security.

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

May 31st, 2023 Angelika Skrobot

Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service’, a retired Ruby gem with two million+ downloads.

What are Malicious Packages? How Do They Work?

May 9th, 2023 Carol Hildebrand

Learn about malicious packages, how they work, and the growing threat they pose to software supply chains.

Deceptive ‘Vibranced’ npm Package Discovered Masquerading as Popular ‘Colors’ Package

April 17th, 2023 Angelika Skrobot

Discover the threat of the ‘Vibranced’ npm package masquerading as ‘Colors’. Learn about its stages of execution, obfuscation techniques.

Yandex Data Leak Triggers Malicious Package Publication

January 30th, 2023 Lisa Haas

Discover how the Yandex data leak triggered malicious package publication, leading to supply chain security risks.

MEND PLATFORM

Expand AppSec Coverage

Featured

From Reactive to Effective: Building Application Security that Works

Enhance Supply Chain Security with Proactive SBOM Management