Mend Leadership Update: Building on Our Momentum for the Next Phase of Growth

Message frequency:  0.23 / day

Message History

Part 4 of the TeamPCP Supply Chain Series

Part 1 covered CanisterWorm. Part 2 covered the malicious



Why the next Log4Shell will be won or lost in the first 72 hours—and what a modern zero‑day workflow looks like.

Every security team remembers where they were when Log4Shell dropped. A quiet Friday afternoon in December 2021 turned into a weekend of war rooms, emergency patches, and executive updates. Years on, the Log4j fallout still shows up in breach reports...



An AI just found critical vulnerabilities that survived decades of human review. If your security program isn’t built for this moment, it’s already behind.

Surprise! An AI just did what your security team couldn’t.

Last week, Anthropic announced that



Mend.io’s new Docker Hardened Images integration brings DHI intelligence directly into the AppSec workflow, giving a smarter, faster path to container security.

Container scanning has a noise problem.

Run a standard scan against any production image, and you’ll surface thousands of CVEs. Your team triages them, prioritizes them, assigns them—and t...



On March 30-31, 2026, threat actors published two malicious versions of the popular HTTP library axios (versions 1.14.1 and 0.30.4) to the npm registry. Both versions included a new dependency named plain-crypto-js which, in its 4.2.1 release, contained a fully-featured cross-platform dropper that silently installed a Remote Access Trojan (RAT) on developer machines. The pack...

