News | Checkmarx Application Security


Your one stop for the latest application security articles, stories, and trends. Stay on top of the news and know what’s happening, both at Checkmarx and in the industry at large.


35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?
August 4, 2022

A hacker going by the handle "Pl0xP" cloned a large number of GitHub repositories and slightly changed the cloned repository names, in a typosquatting effort to impersonate legitimate projects —... Read More

Cybersecurity Startups Make Waves at RSAC 2022
June 9, 2022

RSA Conference 2022 showcased cybersecurity startups vying for a foothold in the crowded market. Here’s a roundup of the top announcements. Read More

Checkmarx Fusion Released
June 8, 2022

Checkmarx announced the availability of Checkmarx Fusion, a context-aware correlation engine that enables full visibility into applications, component interactions, and bills of materials. Read More

Hottest new cybersecurity products at RSA 2022
June 8, 2022

The annual RSA Conference is an opportunity for companies to showcase their latest cybersecurity products. Here are some of the most interesting new products being shown at RSA Conference 2022. Read More

2022 Women of the Channel Awards 
May 10, 2022

This year, CRN honors nearly 1400 women whose channel expertise and vision are deserving of recognition. The Most Powerful Women Of The Channel 2022: Power 100 > The Power 100 is culled from the ranks of CRN’s Women of the Channel and spotlights the female executives at vendors and distributors... Read More

DevSecOps: how to integrate development, security and operations?
May 10, 2022

The IT infrastructure landscape has undergone exponential changes over the last decade. The migration to agile cloud computing platforms, storage, shared data and dynamic applications has brought enormous... Read More

Checkmarx Report Highlights Need for AppSec Collaboration 
May 9, 2022

A research report published by Checkmarx finds the same basic malicious software developed using multiple programming languages as cyberattackers industrialize their malware development processes. Read More

World Password Day helps to raise security awareness 
May 5, 2022

The death of the password is something that has been predicted for a very long time. But the venerable means of securing our accounts still clings tenaciously to life. Today's World Password Day is designed to raise awareness of the continued importance of passwords and the need -- where we do still... Read More

StarJacking: Attackers disguise malicious open source packages 
May 4, 2022

Open source packages are a central component of modern software supply chains. Which package developers choose to use in their project depends largely on its rating and download numbers, but this way of making decisions also carries risks. Read More

Attackers targeting packages in multiple coding languages in recent software supply chain attacks
May 3, 2022

Malicious packages in multiple coding languages that went undetected for years were revealed by the Checkmarx Supply Chain Security team using advanced threat hunting techniques. Read More

Checkmarx SCA plug-in for JetBrains IntelliJ IDEA Ultimate
April 29, 2022

JetBrains and Checkmarx have entered into a strategic partnership. From now on, developers could simply scan their uncompiled code to detect and fix hundreds of potential vulnerabilities, all from their familiar IntelliJ IDEA workspace. Read More

An application security unicorn, Checkmarx targets 30 million developers, and their successors.
April 27, 2022

A unicorn at 16, following its $1.15 billion acquisition by H&F, Checkmarx is not done making headlines. A conversation with Emmanuel Benzaquen, its CEO from the start. Read More

The Implications of Twitter’s Potential Algorithm Move to Open Source 
April 27, 2022

Elon Musk’s recently announced takeover of Twitter raises a whole slew of questions and concerns for the future of the social media platform. One such question comes from the potential shift... Read More

Checkmarx Finds Malicious Open Source PyPi Repository 
April 20, 2022

Checkmarx, a provider of a platform for testing application security, this week disclosed it has discovered a malicious instance of a PyPi repository for Python code that has been downloaded more than 70,000 times. Read More

Checkmarx: Attackers Hijacking GitHub Ratings to ‘Infect As Many Targets As Possible’
April 20, 2022

Cybersecurity company Checkmarx said it has discovered that hackers can effectively hijack GitHub’s star ratings of open-source products to trick developers into downloading malicious code. In a blog post, Checkmarx’s Tzachi “Zack”... Read More

Checkmarx and JetBrains provide developers with security information during development
April 15, 2022

Checkmarx’ Software Composition Analysis (SCA) solution has been integrated directly into the JetBrains IntelliJ IDEA Ultimate through a free plug-in to provide the Software Composition Analysis to IntelliJ IDEA Ultimate... Read More

New Research From Checkmarx Prompts Supply Chain Security Solution to Restore Trust in Open Source Packages 
April 8, 2022

Now available for use with Checkmarx Software Composition Analysis (SCA), the solution restores trust in modern application development while letting developers embrace open source code RAMAT GAN, Israel and ATLANTA, March 22, 2022 /PRNewswire/ — Checkmarx,... Read More

RED-LILI continues to launch NPM attacks on Azure developers
March 28, 2022

Researchers on Monday reported that threat actor RED-LILI has launched hundreds of malicious packages as part of node package manager (NPM) attacks on Azure and other developers. Read More

Checkmarx Finds Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks 
March 28, 2022

Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of "hundreds of malicious packages" into the NPM ecosystem. The... Read More

Hundreds more packages found in malicious npm ‘factory’
March 28, 2022

Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor had published at least 200 malicious Node Package Manager (npm) packages. The team said that the repositories were first detected on... Read More
