Schedule a Demo
Blog Tom Abai

Tom Abai

Tom Abai is a security researcher at Mend.io. He is passionate about finding and addressing security incidents in the software supply chain area. In his free time, he likes to play CTF's games and learn cool stuff regarding cybersecurity.

More than 100K sites impacted by Polyfill supply chain attack

Tom Abai 1 Jul 2024
Supply Chain Security

The new Chinese owner tampers with the code of cdn.polyfill.io to inject malware targeting mobile devices.

Read More

Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise 1

Tom Abai, Dor Hayun 31 Mar 2024
Application Security

Discover how CVE-2024-3094 affects XZ Utils and enables SSH compromise. Get insights on detection, mitigation, and system security.

Read More

Over 100 Malicious Packages Target Popular ML PyPi Libraries

Tom Abai 28 Mar 2024
Malicious Packages

Discover the latest security threat as over 100 malicious packages target popular ML PyPi libraries. Learn about the attack methods.

Read More

What is LDAP Injection? Types, Examples and How to Prevent It

Tom Abai 21 Mar 2024
Developer

Learn what LDAP Injection is, its types, examples, and how to prevent it. Secure your applications against LDAP attacks.

Read More

There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected

Tom Abai 10 Aug 2023
Application Security

Discover the latest threat in town – a new info-stealer variant using Electron to remain undetected. Learn about its attack flow.

Read More

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

Tom Abai, Tamir Ben Ari 31 May 2023
Malicious Packages

Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service’, a retired Ruby gem with two million+ downloads.

Read More

Deceptive ‘Vibranced’ npm Package Discovered Masquerading as Popular ‘Colors’ Package

Tom Abai 17 Apr 2023
Malicious Packages

Discover the threat of the ‘Vibranced’ npm package masquerading as ‘Colors’. Learn about its stages of execution, obfuscation techniques.

Read More
Previous
1
Next

Subscribe to our Newsletter

Join our subscriber list to get the latest news and updates

Thanks for signing up! 

© 2024 Mend.io (White Source Ltd.) All rights reserved.