Head of CxDustico

A new, stealthier type of Typosquatting attack spotted targeting NPM 

Research done by Teach Zornstein and Yehuda Gelb Intro In the evolving world of cybersecurity, attackers are always looking for new ways to exploit weaknesses and compromise systems. Attackers have been using lowercase letters in package names on the Node

May 9, 2023

Attackers Target Packages in Multiple Programming Languages in Recent Software Supply Chain Attacks

Malicious packages in multiple programming languages that went undetected for years were revealed by the Checkmarx Supply Chain Security team using advanced threat hunting techniques. The fact that the packages stayed undetected for such a long period of time is

May 3, 2022

StarJacking – Making Your New Open Source Package Popular in a Snap

Checkmarx supply chain security has recently found a malicious PyPi package with more than 70,000 downloads using a technique we dubbed StarJacking - a way to make an open source package instantly look popular by abusing the lack of validation between the

April 19, 2022

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Products

Services

Why Checkmarx

Solutions For

Company

Tzachi Zornstein

Tzachi Zornstein

A new, stealthier type of Typosquatting attack spotted targeting NPM

Attackers Target Packages in Multiple Programming Languages in Recent Software Supply Chain Attacks

StarJacking – Making Your New Open Source Package Popular in a Snap

Contact Us

Solutions

Industry

Solutions For

Services

Partners

Company

Resources

Community