Click on the "Follow" button below and you'll get the latest news from Mend Leadership Update: Building on Our Momentum for the Next Phase of Growth via email, mobile or you can read them on your personal news page on this site.
You can unsubscribe anytime you want easily.
You can also choose the topics or keywords that you're interested in, so you receive only what you want.
Mend Leadership Update: Building on Our Momentum for the Next Phase of Growth title: Mend.io Resource Center
Is this your feed? Claim it!
The economics of continuous security at frontier-model prices, and why the math points back to independence.
The frontier models are astonishing at finding vulnerabilities. That is not in dispute, and it is not what this piece is about. The question is not whether a frontier model can find a flaw in your code. It is whether you can afford to run one as your sca...
An attacker republished more than 140 packages in the @mastra npm scope, each carrying a single malicious dependency, easy-day-js. The malicious versions were observed on 2026-06-17. easy-day-js is a typosquat of the dayjs date library: version 1.11.21 is the clean prior release with no install hook, while version 1.11.22 adds an obfuscated postinstall dropper. Installing any...
AI models that generate code are also the best at exploiting it. Here’s why independent verification, not the model itself, is the only trustworthy answer.
This month, the US government ordered Anthropic to suspend access to its most capable models, Myth...
Software Composition Analysis (SCA) services are automated tools that scan codebases to find, identify, and manage open-source components, detecting security vulnerabilities (CVEs), licensing issues,...
On June 1, 2026, multiple npm packages in the @redhat-cloud-services scope were published with malicious versions. Each tarball ships a 4.1 MB obfuscated JavaScript file added to package.json as a preinstall hook. The hook runs a multi-stage loader that ends in a Bun-executed credential stealer hitting AWS, Azure, GCP, HashiCorp Vault, Kubernetes, GitHub Actions OIDC, npm, Bi...