News | Checkmarx Application Security


Your one stop for the latest application security articles, stories, and trends. Stay on top of the news and know what’s happening, both at Checkmarx and in the industry at large.


StarJacking: Attackers disguise malicious open source packages 
May 4, 2022

Open source packages are a central component of modern software supply chains. Which package developers choose for their project depends largely on its rating and download numbers, but this form of decision-making also carries risks. Read More

Attackers targeting packages in multiple coding languages in recent software supply chain attacks
May 3, 2022

Malicious packages in multiple coding languages that went undetected for years were revealed by the Checkmarx Supply Chain Security team using advanced threat hunting techniques. Read More

Checkmarx SCA plug-in for JetBrains IntelliJ IDEA Ultimate
April 29, 2022

JetBrains and Checkmarx have entered into a strategic partnership. From now on, developers can easily scan their uncompiled code to detect and fix hundreds of potential vulnerabilities, all from their familiar IntelliJ IDEA workspace. Read More

Application security unicorn Checkmarx targets 30 million developers, and their successors.
April 27, 2022

A unicorn at 16, following its $1.15 billion acquisition by H&F, Checkmarx is far from done making headlines. A conversation with Emmanuel Benzaquen, its CEO from the start. Read More

The Implications of Twitter’s Potential Algorithm Move to Open Source 
April 27, 2022

Elon Musk’s recently announced takeover of Twitter raises a whole slew of questions and concerns for the future of the social media platform. One such question comes from the potential shift... Read More

Checkmarx Finds Malicious Open Source PyPi Repository 
April 20, 2022

Checkmarx, a provider of a platform for testing application security, this week disclosed it has discovered a malicious instance of a PyPi repository for Python code that has been downloaded more than 70,000 times. Read More

Checkmarx: Attackers Hijacking GitHub Ratings to ‘Infect As Many Targets As Possible’
April 20, 2022

Cybersecurity company Checkmarx said it has discovered that hackers can effectively hijack GitHub’s star ratings of open-source products to trick developers into downloading malicious code. In a blog post, Checkmarx’s Tzachi “Zack”... Read More

Checkmarx and JetBrains provide developers with security information during development
April 15, 2022

Checkmarx’ Software Composition Analysis (SCA) solution has been integrated directly into the JetBrains IntelliJ IDEA Ultimate through a free plug-in to provide the Software Composition Analysis to IntelliJ IDEA Ultimate... Read More

New Research From Checkmarx Prompts Supply Chain Security Solution to Restore Trust in Open Source Packages 
April 8, 2022

Now available for use with Checkmarx Software Composition Analysis (SCA), the solution restores trust in modern application development while letting developers embrace open source code RAMAT GAN, Israel and ATLANTA, March 22, 2022 /PRNewswire/ — Checkmarx,... Read More

RED-LILI continues to launch NPM attacks on Azure developers
March 28, 2022

Researchers on Monday reported that threat actor RED-LILI has launched hundreds of malicious packages as part of node package manager (NPM) attacks on Azure and other developers. Read More

Checkmarx Finds Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks 
March 28, 2022

Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of "hundreds of malicious packages" into the NPM ecosystem. The... Read More

Hundreds more packages found in malicious npm ‘factory’
March 28, 2022

Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor had published at least 200 malicious Node Package Manager (npm) packages. The team said that the repositories were first detected on... Read More

Fifteen women in technology share their experiences of the working world
March 24, 2022

In the world of work, and particularly within the technology industry, women have long experienced a number of challenges, from the battle for equal pay to breaking the ‘glass ceiling’,... Read More

Checkmarx Launches Supply Chain Solution for Malicious Open Source Packages  
March 22, 2022

Checkmarx, the global leader in developer-centric application security testing (AST) solutions, today announced the launch of the Checkmarx Supply Chain Security solution to identify suspicious and potentially malicious open source... Read More

Low-Code/No-Code Comes with Conveniences, Concerns 
March 22, 2022

Low-code and no-code applications and platforms are emerging as a response to many factors, including companies’ move towards digital transformation and the explosion of remote work that resulted from the pandemic. Read More

Best DevSecOps Tools
March 17, 2022

The growth of DevSecOps tools is an encouraging sign that software and application service providers are increasingly integrating security into the software development lifecycle (SDLC). Read More

The importance of building in security during software development 
March 14, 2022

Checkmarx released the UK findings of its report which found that 45% of organizations have suffered at least two security breaches as a direct result of a vulnerable application. Alongside this,... Read More

Cybersecurity Bills in the 117th Congress 
March 7, 2022

Cybersecurity continues to be a serious issue for the United States federal government. As the impacts of the massive SolarWinds hack linger over the government, the public has grown increasingly concerned about invasions of privacy and potential threats to critical infrastructure, such as the power grid. Congress is taking... Read More

That Smartphone Isn’t Secure Just Because It’s ‘New’
February 28, 2022

While the last couple of years has significantly altered smartphone usage patterns across the world, the increased use has brought with it alarming misapprehensions about mobile security, according to a... Read More

Latest Hacking News: Zenly App Vulnerabilities Could Allow Account Takeover
February 28, 2022

Severe vulnerabilities in the Zenly app risked users’ privacy as the app exposed phone numbers and allowed account takeovers. In the worst case, the bugs would lead to a massive wave... Read More
