From Zero to RCE: How a Single HTTP Request Compromises React and Next.js Applications
Discover a critical security flaw that enables remote code execution in React Server Components ...
NPM Ecosystem Under Siege: Self-Propagating Malware Compromises 187 Packages in a Huge Supply Chain Attack
A major NPM breach exposed 187 packages ...
NPM Supply Chain Attack: Sophisticated Multi-Chain Cryptocurrency Drainer Infiltrates Popular Packages
A sophisticated npm supply chain attack compromised popular packages ...
More than 100K sites impacted by Polyfill supply chain attack
The new Chinese owner tampers with the code of cdn.polyfill.io to inject malware targeting mobile devices ...
Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise
The Mend.io research team detected more than 100 malicious packages targeting the most popular machine learning (ML) libraries from the PyPI registry. The post Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise appeared first on Mend ...
Over 100 Malicious Packages Target Popular ML PyPI Libraries
The Mend.io research team detected more than 100 malicious packages targeting the most popular machine learning (ML) libraries from the PyPI registry.
There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected
See the attack flow of this new info-stealer Mend.io detected and how it can stay undetected by abusing trusted development tools like Electron.


