Mend.io Malicious Packages

Discover how malicious code can delete directories if you don't have a license. Learn about supply chain security and license compliance.

Discover the risks of using rest_client versus rest-client in RubyGems. Learn how a recent attack was thwarted.

Stay informed about the latest supply chain security incident targeting npm users. Learn about the malicious packages and more.

dYdX, a popular cryptocurrency exchange, had its NPM account hacked in a supply chain attack. Learn how to protect against similar attacks.

Discover how encrypted JSON files are being used to hide malicious code. Learn about the latest security findings and how to protect your apps.

Learn how to conquer Remote Code Execution (RCE) attacks in npm. Find out why npm is susceptible, the threats of RCE, and more.

Learn about the 3 critical best practices of software supply chain security to protect your organization from malicious packages.

Discover the latest typosquatting attack on the npm package 'colors' using a cross-language technique.

Impact Analysis of RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover. Learn about the vulnerability, impact assessment, and more

Discover how threat actors are using hex encoding and delayed execution to deploy malicious packages. Learn how to protect your applications.

Discover how a malicious package found stealing AWS AIM data on npm has similarities to the Capital One hack. Learn about the threat.

Mend welcomes Diffend, an innovative software supply chain security service, to improve open source risk management.