Schedule a Demo

Mend.io Malicious Packages

polyfill supply chain attack 1

More than 100K sites impacted by Polyfill supply chain attack

Tom Abai, AJ Starita, Carol Hildebrand Jul 1, 2024
Malicious Packages

The new Chinese owner tampers with the code of cdn.polyfill.io to inject malware targeting mobile devices.

Read More
blog 2 1

Over 100 Malicious Packages Target Popular ML PyPi Libraries

Lisa Haas Mar 28, 2024
Malicious Packages

Discover the latest security threat as over 100 malicious packages target popular ML PyPi libraries. Learn about the attack methods.

Read More
what new security threats arise from the boom in ai and llms

What New Security Threats Arise from The Boom in AI and LLMs?

Lisa Haas Nov 15, 2023
AI Models Risk

Explore the security threats arising from the boom in AI and LLMs, including data privacy, misinformation, and resource exhaustion.

Read More
what role should dependency management play as the regulation of the software supply chain escalates

What Role Should Dependency Management Play as the Regulation of the Software Supply Chain Escalates?

Adam Murray Sep 26, 2023
Dependency Updates

Discover the importance of dependency management in securing the software supply chain as regulations escalate.

Read More
eight considerations for thwarting malicious packages

8 Considerations for Thwarting Malicious Packages

Rhys Arkins Aug 29, 2023
Malicious Packages

Learn how to protect your code from malicious packages with these eight considerations. Stay ahead of supply chain security threats.

Read More
what you can do to stop software supply chain attacks

What You Can Do to Stop Software Supply Chain Attacks

Lisa Haas Aug 24, 2023
Software Supply Chain

Learn how to stop software supply chain attacks with SBOMs, best practices, and prioritizing known vulnerabilities. Protect your software.

Read More
theres a new stealer variant in town and its using electron to stay fully undetected

There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected

Lisa Haas Aug 10, 2023
Malicious Packages

Discover the latest threat in town - a new info-stealer variant using Electron to remain undetected. Learn about its attack flow.

Read More
brandjacking

What Risks Do You Run from Brandjacking, and How Do You Overcome Them?

Adam Murray Aug 1, 2023
Malicious Packages

Learn about the risks of brandjacking & how to overcome them with application security tools & practices. Protect your org from cyber threats.

Read More
cybersecurity risks posed by typosquatting and how you can beat them

What Cybersecurity Risks Does Typosquatting Pose, and How Can You Beat Them?

Adam Murray Jul 27, 2023
Application Security

Find out what typosquatting is, why it is such a threat, and what you can do to stop it.

Read More
how does slsa help strengthen software supply chain security

How Does SLSA Help Strengthen Software Supply Chain Security?

Adam Murray Jul 7, 2023
Software Supply Chain

Learn how SLSA enhances software supply chain security with levels of protection. Understand the risks, benefits, and best practices.

Read More
understanding the anatomy of a malicious package attack

Understanding the Anatomy of a Malicious Package Attack

Adam Murray Jun 13, 2023
Malicious Packages

Learn to protect your applications from malicious packages with our guide. Understand the anatomy of attacks and how to prevent them.

Read More
whats driving the adoption of sboms and whats

What’s Driving the Adoption of SBOMs? What’s Next for Them?

Lisa Haas Jun 1, 2023
SBOM

Discover what's driving the adoption of SBOMs and what's next for them in terms of malicious packages and supply chain security.

Read More
unseen risks of open source dependencies case of an abandoned name e1685538190274

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

Tom Abai, Tamir Ben Ari May 31, 2023
Dependency Updates

Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service', a retired Ruby gem with two million+ downloads.

Read More
what are malicious packages blog

What are Malicious Packages? How Do They Work?

Carol Hildebrand May 9, 2023
Malicious Packages

Learn about malicious packages, how they work, and the growing threat they pose to software supply chains.

Read More
blog 2 1

Deceptive ‘Vibranced’ npm Package Discovered Masquerading as Popular ‘Colors’ Package

Lisa Haas Apr 17, 2023
Malicious Packages

Discover the threat of the 'Vibranced' npm package masquerading as 'Colors'. Learn about its stages of execution, obfuscation techniques.

Read More
Yandex Data Leak Triggers Malicious Package Publication 1

Yandex Data Leak Triggers Malicious Package Publication

Lisa Haas, Tamir Ben Ari Jan 30, 2023
Malicious Packages

Discover how the Yandex data leak triggered malicious package publication, leading to supply chain security risks.

Read More
Previous
1 2
Next

© 2025 Mend.io (White Source Ltd.) All rights reserved.