Checkmarx Security Research Team

New Protestware Found Lurking in Highly Popular NPM Package

Does Protestware undermine the trustworthiness of OSS ecosystems? Two popular packages, “styled-components” and “es5-ext”, with millions of weekly downloads and thousands of dependent projects, released new Protestware versions. The new versions verify that the infected machine belongs to a Russian

SpringShell – Remote Code Execution via Spring Web

SpringShell is a new vulnerability in Spring, the world’s most popular Java framework, which enables remote code execution (RCE) using ClassLoader access to manipulate attributes and setters. This issue was unfortunately leaked online without responsible disclosure before an official patch

A Beautiful Factory for Malicious Packages

Checkmarx Supply Chain Security (SCS) team has uncovered hundreds of malicious packages attempting to use a dependency confusion attack. Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks. As it seems this time, the attacker

Protestware, Politics, and Open Source Software

Intro: A popular NPM package, node-ipc, was purposely infected with a malicious payload by its own creator in protest of the Russia-Ukraine war. This package has over a million weekly downloads and hundreds of other directly dependent packages, including the

APACHE LOG4J RCE – Variants and Updates

This is the MOST RECENT update to our previous research blog: APACHE LOG4J REMOTE CODE EXECUTION – CVE-2021-44228 On December 9th the most critical zero-day exploit in recent years was disclosed, affecting most of the biggest enterprise companies. This critical
