In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub’s search functionality, and using meticulously crafted repositories to distribute malware. Key Points Exploiting GitHub’s Search Functionality Our recent findings reveal a threat actor creating GitHub repositories with names and
Key Points Malicious Repo Confusion Campaign In light of a recent blog released by Apiiro, the cybersecurity landscape is yet again reminded of the innovative ways attackers exploit platforms like GitHub to host and spread malware. Apiiro’s findings reveal a large-scale malicious
Key Points What is Tornado Cash? Tornado Cash is a decentralized privacy solution built on the Ethereum blockchain, offering users non-custodial and anonymous transactions. Functioning as a cryptocurrency mixer, it provides a mechanism to obfuscate the origins and destinations of
The digital ocean on which many of us including the world’s largest corporations rely on, is filled with hidden dangers, particularly in the open-source ecosystem. One such peril that often does not get the attention it deserves is the threat
In early December, a number of malicious Python packages captured our attention, not just because of their malicious nature, but for the cleverness of their deployment strategy. The threat actors behind these packages deviated from conventional tactics, introducing a nuanced
In an era where digital warfare is as impactful, if not more so, than conventional warfare, one country has been consistently evolving its cyber-attack strategies, mainly focusing on supply chain compromises. Recent investigations have uncovered North Korean state-sponsored groups carrying
Key Points It has become commonplace for attackers to invest a significant amount of time and effort within the open-source ecosystem. Attackers, driven by malicious intent, demonstrate an extraordinary level of persistence in their pursuit of exploiting vulnerabilities in the
In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. Yet, as the community grows, so does the number of bad actors looking to exploit it. A recent example
In the realm of cyber warfare, adversary strategies are continuously evolving. With the reliance of our digital world on open-source software, we’ve noted an escalation in the complexity of attack methods. Threat actors are architecting complicated traps within the software
Key Points During the month of September, an attacker operating under the pseudonym “kohlersbtuh15”, attempted to exploit the open-source community by uploading a series of malicious packages to the PyPi package manager. Based on the names of these packages and
©2024 Checkmarx Ltd. All Rights Reserved. iISO/IEC 27001:2013 Certified
