Please turn JavaScript on
Find more feeds

Mend Leadership Update: Building on Our Momentum for the Next Phase of Growth

Is this your feed? Claim it!

Publisher:  Unclaimed!
Message frequency:  0.25 / day

Message History

Miasma: Red Hat Cloud Services npm Packages Hit by a Mini Shai-Hulud-Style Campaign

On June 1, 2026, multiple npm packages in the @redhat-cloud-services scope were published with malicious versions. Each tarball ships a 4.1 MB obfuscated JavaScript file added to package.json as a preinstall hook. The hook runs a multi-stage loader that ends in a Bun-executed credential stealer hitting AWS, Azure, GCP, HashiCorp Vault, Kubernetes, GitHub Actions OIDC, npm, Bi...


Read full story
Laravel-Lang Composer tag-rewrite Supply Chain Attack

On 2026-05-22, an attacker rewrote every repository tag across four Composer packages in the Laravel-Lang ecosystem to point at malicious commits. The affected packages are laravel-lang/lang, laravel-lang/attributes, laravel-lang/http-statuses, and laravel-lang/actions. The rewrite took place on 2026-05-22 into the early hours of 2026-05-23. Every malicious commit makes the s...


Read full story
The EU Cyber Resilience Act: A Complete Compliance Guide for 2026 and Beyond
Key takeaways The Cyber Resilience Act (CRA) entered into force on December 10, 2024 and applies to nearly every "product with digital elements" sold in the EU. Vulnerability and incident reporting obligations begin on September 11, 2026. Manufacturers will have 24 hours to file an early warning and 7...

Read full story
Mini Shai-Hulud Hits @antv: 323 npm Packages Compromised Through the atool Maintainer Account

An active supply chain attack has compromised 323 npm packages published under the atool npm maintainer account. The wave sweeps the entire @antv data-visualization organization alongside standalone libraries with wide independent adoption: echarts-for-react, timeago.js, size-sensor, and canvas-nest.js. With echarts-for-react pulling roughly 1.1 million weekly downloads, any ...


Read full story
Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread

On May 11, 2026, Mend Defender flagged more than 120 malicious packages newly published to RubyGems — the standard package manager for the Ruby ecosystem. Within 24 hours, that initial cluster expanded into something far larger: tens of thousands of packages pushed by...


Read full story