Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones. While this specific risk was mitigated, a quick glance through
Risk management is an essential part of securing any digital transformation effort. The growth in use of cloud-native applications and microservices architecture is driving a broader industry trend toward more applications. For AppSec teams, the movement to different dev teams
How SAST is customized for different applications Today, Checkmarx SAST provides tremendous flexibility to scan applications based on how they are built. This is done using two constructs: Queries are building blocks for identifying potential vulnerabilities and critical for filtering
Research by David Sopas and João Morais Checkmarx Security Research team reached out to Ericsson’s Responsible Disclosure Program, notifying them of the the finding on 14th March 2023. Ericsson acknowledged the finding and replied that the issue was fixed on 11th April
Research done by Teach Zornstein and Yehuda Gelb Intro In the evolving world of cybersecurity, attackers are always looking for new ways to exploit weaknesses and compromise systems. Attackers have been using lowercase letters in package names on the Node
On December 9th, the most critical zero-day exploit in recent years was discovered affecting most of the biggest enterprise companies. This critical 0-day exploit was discovered in the extremely popular Java logging library log4j which allows RCE (Remote code execution)
Malicious Python Packages with Self-spreading Capabilities Caught Stealing Browser Credentials, Discord Tokens, and System Information. The malicious package is able to steal the user’s password from their Chrome browser, along with Discord tokens and system information, and exfiltrate this data
©2024 Checkmarx Ltd. All Rights Reserved. iISO/IEC 27001:2013 Certified
