Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious on...
Risk management is an essential part of securing any digital transformation effort. The growth in use of cloud-native applications and microservices architecture is driving a broader industry tre...
https://checkmarx.com/blog/introducing-fusion-2-0-with-application-risk-management/
How SAST is customized for different applications. Today, Checkmarx SAST provides tremendous flexibility to scan applications based on how they are built. This is done using two constructs: Quer...
https://checkmarx.com/blog/introducing-ai-query-builder-for-sast/
Research by David Sopas and João Morais. Checkmarx Security Research team reached out to Ericsson’s Responsible Disclosure Program, notifying them of the finding on 14th March 2023. Eric...
https://checkmarx.com/blog/ericsson-sensitive-data-exposure-via-trace-axd/
Research done by Teach Zornstein and Yehuda Gelb. Intro: In the evolving world of cybersecurity, attackers are always looking for new ways to exploit weaknesses and compromise systems. Attackers ...
https://checkmarx.com/blog/a-new-stealthier-type-of-typosquatting-attack-spotted-targeting-npm/
On December 9th, the most critical zero-day exploit in recent years was discovered affecting most of the biggest enterprise companies. This critical 0-day exploit was discovered in the extremely ...
https://checkmarx.com/blog/apache-log4j-remote-code-execution-cve-2021-44228/
Malicious Python Packages with Self-spreading Capabilities Caught Stealing Browser Credentials, Discord Tokens, and System Information. The malicious package is able to steal the user’s passwor...
https://checkmarx.com/blog/recently-discovered-supply-chain-worm/