Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

mend

NPM Supply Chain Attack: Sophisticated Multi-Chain Cryptocurrency Drainer Infiltrates Popular Packages

Sep 8, 2025 By Tom Abai In Mend
The NPM ecosystem faced another significant supply chain attack when 18 popular packages, including highly-used libraries like debug and chalk, were compromised with advanced cryptocurrency drainer malware. This attack, affecting packages with over 2 billion weekly downloads, demonstrates how cybercriminals are leveraging trusted software distribution channels to deploy advanced Web3 wallet hijacking code.
Read Post
teleport

Securing Identity in the Age of AI: A Buyer's Guide to Teleport

Sep 8, 2025 By Meina Ghafouri In Teleport
As enterprises embrace AI, identity has become the defining security challenge. Every new database, Kubernetes cluster, SaaS app, and now every AI agent introduces yet another identity that must be governed and protected. At the same time, attackers are weaponizing AI to accelerate identity-based threats, exploiting fragmentation and credential sprawl to devastating effect.
Read Post

The GhostAction Supply Chain Attack: Compromised GitHub Workflows And Stolen Secrets

Sep 5, 2025 By GitGuardian In GitGuardian
GitGuardian has uncovered GhostAction, a massive supply chain attack targeting 327 GitHub users and 817 repositories. Attackers injected malicious workflows that exfiltrated over 3,325 secrets, including npm, PyPI, and DockerHub tokens. Watch as GitGuardian's Senior Cybersecurity Researcher, Guillaume Valadon breaks down how this campaign unfolded, what was stolen, and what developers need to know to stay safe.
View Video

Catch Bugs Early: Dynamic Scanning & the Cake Analogy Explained #cybersec

Sep 5, 2025 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video

Data Rejection and API Best Practice #cybersecurity

Sep 4, 2025 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video
mend

Why AI Security Tools Are Different and 9 Tools to Know in 2025

Sep 4, 2025 By Mend.io Team In Mend
As companies embed AI models into their applications, they face risks that traditional security tools weren’t designed to catch, such as prompt injection, data leakage, model poisoning, and shadow AI. Addressing these threats requires a new class of security tools built specifically for AI specific risk.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.