Head of CxDustico

Navigating the Rising Tide of CI/CD Vulnerabilities: The Jenkins and TeamCity Case Studies

In the evolving landscape of cybersecurity, a new threat has emerged, targeting the core of software development processes. Recently, an alarming incident has brought to light a significant vulnerability in Jenkins CI/CD servers. Approximately 45,000 Jenkins servers have been left exposed

February 6, 2024

How We Were Able to Infiltrate Attacker Telegram Bots

Key Points It is not uncommon for attackers to publish malicious packages that exfiltrate victims’ data to them using Telegram bots. However, what if we could eavesdrop on what the attacker sees? This blog will demonstrate exactly that. Infiltrating The

February 1, 2024

When the Hunter Becomes the Hunted

A cybersecurity researcher, delving into the depths of a malicious Python package, suddenly finds themselves in the crosshairs of the very hacker they were tracking. What starts as a pursuit of understanding harmful code evolves into a strategic battle of

January 18, 2024

NPM Account Takeover Results in Crypto Supply Chain Attack

In an alarming development for the cryptocurrency community, the Ledger Connect Kit, has fallen victim to a sophisticated supply chain attack, resulting in the redirection of users’ crypto transactions to a wallet controlled by the attacker. The Ledger Connect Kit is

December 15, 2023

First Known Targeted OSS Supply Chain Attacks Against the Banking Sector

Learn how Checkmarx and AWS have partnered to help your financial services firm adapt to the evolving landscape The way we bank has changed beyond recognition. Where transactions once took place in person within the walls of impressive buildings, we

July 21, 2023

A new, stealthier type of Typosquatting attack spotted targeting NPM 

Research done by Teach Zornstein and Yehuda Gelb Intro In the evolving world of cybersecurity, attackers are always looking for new ways to exploit weaknesses and compromise systems. Attackers have been using lowercase letters in package names on the Node

May 9, 2023

Attackers Target Packages in Multiple Programming Languages in Recent Software Supply Chain Attacks

Malicious packages in multiple programming languages that went undetected for years were revealed by the Checkmarx Supply Chain Security team using advanced threat hunting techniques. The fact that the packages stayed undetected for such a long period of time is

May 3, 2022

StarJacking – Making Your New Open Source Package Popular in a Snap

Checkmarx supply chain security has recently found a malicious PyPi package with more than 70,000 downloads using a technique we dubbed StarJacking - a way to make an open source package instantly look popular by abusing the lack of validation between the

April 19, 2022

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Products

Services

Why Checkmarx

Solutions For

Company

Tzachi Zornstein

Tzachi Zornstein

Navigating the Rising Tide of CI/CD Vulnerabilities: The Jenkins and TeamCity Case Studies

How We Were Able to Infiltrate Attacker Telegram Bots

When the Hunter Becomes the Hunted

NPM Account Takeover Results in Crypto Supply Chain Attack

First Known Targeted OSS Supply Chain Attacks Against the Banking Sector

A new, stealthier type of Typosquatting attack spotted targeting NPM

Attackers Target Packages in Multiple Programming Languages in Recent Software Supply Chain Attacks

StarJacking – Making Your New Open Source Package Popular in a Snap

Contact Us

Solutions

Industry

Solutions For

Services

Partners

COMPARE

Company

Resources

Community