
Why AppSec and Network Risk Management Must Be Unified in the Modern Enterprise

How Mend.io’s ServiceNow integration helps organizations manage application, network, and operational risks together—at scale.

Managing AppSec and network risk as separate programs is no longer realistic for enterprise security teams. Today’s digital environments are interconnected, distributed, and constantly changing. A single misconfiguration, unpatched server, or vulnerable open-source component can become a point of exploitation when combined with weaknesses elsewhere in the stack.

NPM User Flooding Registry with Fake Font Packages

During routine monitoring of NPM registry activity, we identified a suspicious pattern involving the user sdjkals, who has published 10 packages containing what appear to be WOFF2 font files. Initial analysis reveals these are not legitimate font assets. The packages are scoped under @sdjkals/* with version numbers reaching 1.0.1594 and 1.0.1912, indicating extremely rapid republishing cycles: new versions are being pushed every few minutes.

We Asked AI Security Experts to Explain Their Work Using Emojis #AISecurity #AI #AppSec

Can you explain AI Security using only emojis? We challenged AI Security professionals to do just that — no words, just symbols. Their creative combos reveal how experts really think about risks, models, and protection in today’s AI-driven world. Each emoji tells a story about securing the systems behind the world’s most powerful models. Subscribe for more creative takes on AppSec, AI Security, and secure development from the Mend.io team.

Hackers hijack Google Smart Home #aisecurity #mcpserver

Building AI agents that can think, act, and adapt securely isn't easy. From prompt design to deployment, every stage brings new challenges and new risks. In this session, Bar-El Tayouri, Head of Mend AI at Mend.io, and Yehoshua (Shuki) Cohen, VP of Data and AI Evangelist at AI21 Labs, shared practical strategies for designing and defending agentic systems that actually deliver.

Key topics covered:

Originally recorded: October 29, 2024.

From Zero to RCE: How a Single HTTP Request Compromises React and Next.js Applications

On December 3, 2025, the React team disclosed CVE-2025-55182, a critical remote code execution vulnerability in React Server Components. The flaw carries a CVSS score of 10.0, the maximum severity rating. What makes this vulnerability particularly dangerous is its simplicity: attackers only need to send a single crafted HTTP request to gain complete control over vulnerable servers. No authentication required. No complex exploit chains. Just one malicious request.

Mend.io + Wiz: A New Code-to-Cloud Integration for Accurate, Context-Driven Risk Prioritization

Today, we’re excited to announce the availability of Mend.io’s new integration with Wiz, delivering a powerful Code-to-Cloud security workflow for joint customers. By bringing Mend SAST’s high-accuracy code findings directly into the Wiz platform, organizations can now unify code-level risks with cloud posture, runtime context, identities, and infrastructure—unlocking the complete picture needed to prioritize and remediate risk with confidence.

Best Application Security Testing Providers: Top 7 in 2025

Top application security testing providers include Mend, Invicti, and Black Duck, offering a range of services such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). Some providers also offer specialized services such as securing AI applications and vulnerability management.