A new class of vulnerabilities in specific implementations of the HTTP/2 protocol, dubbed “HTTP/2 CONTINUATION Flood,” has been discovered, causing concern across the Internet. Various affected products have already been identified and assigned CVEs, with more expected to be disclosed
In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub’s search functionality, and using meticulously crafted repositories to distribute malware. Key Points Exploiting GitHub’s Search Functionality Our recent findings reveal a threat actor creating GitHub repositories with names and
The xz project, a tool used by many Linux distributions for compressing files, was compromised by a malicious actor who gradually took over the project and inserted a backdoor. The attack, discovered accidently on March 29, 2024, by a developer
A few hours ago, The Python Package Index (PyPi) suspended new project creation and new user registration to mitigate an ongoing malware upload campaign. The research team of Checkmarx simultaneously investigated a campaign of multiple malicious packages appear to be
Learn how Checkmarx and AWS have partnered to help your financial services firm adapt to the evolving landscape The way we bank has changed beyond recognition. Where transactions once took place in person within the walls of impressive buildings, we
Key Points Malicious Repo Confusion Campaign In light of a recent blog released by Apiiro, the cybersecurity landscape is yet again reminded of the innovative ways attackers exploit platforms like GitHub to host and spread malware. Apiiro’s findings reveal a large-scale malicious
Key Points What is Tornado Cash? Tornado Cash is a decentralized privacy solution built on the Ethereum blockchain, offering users non-custodial and anonymous transactions. Functioning as a cryptocurrency mixer, it provides a mechanism to obfuscate the origins and destinations of
The digital ocean on which many of us including the world’s largest corporations rely on, is filled with hidden dangers, particularly in the open-source ecosystem. One such peril that often does not get the attention it deserves is the threat
In the evolving landscape of cybersecurity, a new threat has emerged, targeting the core of software development processes. Recently, an alarming incident has brought to light a significant vulnerability in Jenkins CI/CD servers. Approximately 45,000 Jenkins servers have been left exposed
Key Points It is not uncommon for attackers to publish malicious packages that exfiltrate victims’ data to them using Telegram bots. However, what if we could eavesdrop on what the attacker sees? This blog will demonstrate exactly that. Infiltrating The
©2024 Checkmarx Ltd. All Rights Reserved. iISO/IEC 27001:2013 Certified
