Schedule a Demo
Blog Tom Abai

Tom Abai
Tom Abai

Tom Abai is a security researcher at Mend.io. He is passionate about finding and addressing security incidents in the software supply chain area. In his free time, he likes to play CTF's games and learn cool stuff regarding cybersecurity.
polyfill supply chain attack 1

More than 100K sites impacted by Polyfill supply chain attack

Tom Abai, AJ Starita, Carol Hildebrand Jul 1, 2024
Malicious Packages

The new Chinese owner tampers with the code of cdn.polyfill.io to inject malware targeting mobile devices.

Read More
shrinking security debt with dependency management white paper

Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise 1

Tom Abai Mar 31, 2024
Malicious Packages

Discover how CVE-2024-3094 affects XZ Utils and enables SSH compromise. Get insights on detection, mitigation, and system security.

Read More
5 Tools for Managing Dependency Updates

What is LDAP Injection? Types, Examples and How to Prevent It

Tom Abai Mar 21, 2024
Developer

Learn what LDAP Injection is, its types, examples, and how to prevent it. Secure your applications against LDAP attacks.

Read More
unseen risks of open source dependencies case of an abandoned name e1685538190274

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

Tom Abai, Tamir Ben Ari May 31, 2023
Dependency Updates

Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service', a retired Ruby gem with two million+ downloads.

Read More
npm Massive Dependency Confusion Attack

Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack

Tamir Ben Ari, Tom Abai Jun 20, 2022
Open Source Security

Discover how a single author uploaded 168 malicious npm packages in a dependency confusion attack. Learn how Mend blocked these threats.

Read More

Subscribe to our Newsletter

Join our subscriber list to get the latest news and updates

Thanks for signing up! 

© 2025 Mend.io (White Source Ltd.) All rights reserved.